Good morning, friends. One question: I am currently implementing an SSL VPN on a FortiGate machine. In the DNS Server option, is it advisable to specify the DNS of the client, or is it the same as using the "Same as client system dns" option? What would be the advantage of using a specific DNS?
If you specify a DNS explicitly, it may help you resolve both internal and external hostnames, which otherwise won't be possible if using a local client-side DNS. Maybe you need to access a resource which is internal to your organization using its FQDN after connecting to the VPN, which won't be possible if you use a client-side DNS.
What is your DNS server on FortiGate? The main difference is that if FortiGate is using public DNS and you need the SSL VPN client to resolve internal DNS, then this cannot be done. In this case you need to point to an internal DNS server for the VPN client to resolve an internal FQDN such as the AD service.
The DNS option depends on your network requirements. "Same as client system dns" means VPN clients will continue to use their local DNS obtained from their home wifi/network. In that case, they won't be able to access internal resources behind the FortiGate through the VPN using a domain name (only an IP address will work).
If you have a DNS server in your network behind the FortiGate, you can specify it so that users will be able to access internal resources behind the FortiGate through the VPN using domain name/FQDN. That is an advantage.