good morning friends.
One question, I am currently implementing an ssl vpn on a FortiGate machine.
In the DNS Server option, is it advisable to specify the DNS of the client ? or is it the same as using the "Same as client system dns" option. What would be the advantage of using specific DNS.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @unknown1020 ,
When you specify "same as client system dns" it will retain the Client's existing DNS settings and FGT will not push the DNS configuration to clients once its is connected to SSL VPN/
If you specify a DNS explicitly, it may help you resolve both internal and external hostnames which otherwise won't be possible if using a Local Client side DNS. Maybe you need to access a resource which are internal to your organization using its FQDN after connecting to the VPN which won't be possible if you use a client side DNS.
Best Regards,
Hi @unknown1020,
What is your DNS server on FortiGate? The main difference is if Fortigate using public DNS and you need SSL VPN client to resolve internal DNS then this cannot be done. In this case you need to point to internal DNS server for VPN client to resolve internal FQDN such as AD service.
Regards,
Minh
Hi @unknown1020,
DNS option depends on your network requirements. "Same as client system dns" means VPN clients will continue to use their local DNS obtained from their home wifi/network. In that case, they won't be able to access internal resources behind the FortiGate through the VPN using domain name (only IP address will work).
If you have a DNS server in your network behind the FortiGate, you can specify it so that users will be able to access internal resources behind the FortiGate through the VPN using domain name/FQDN. That is an advantage.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1527 | |
1020 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.