DNS SSL VPN setting
Good morning friends.
One question: I am currently implementing an SSL VPN on a FortiGate machine.
In the DNS Server option, is it advisable to specify the DNS of the client? Or is it the same as using the "Same as client system dns" option? What would be the advantage of using a specific DNS?
Labels: FortiClient, FortiGate
Hi @unknown1020,
When you specify "same as client system dns" it will retain the client's existing DNS settings, and the FGT will not push the DNS configuration to clients once it is connected to the SSL VPN.
If you specify a DNS explicitly, it may help you resolve both internal and external hostnames, which otherwise won't be possible if using a local client-side DNS. Maybe you need to access a resource which is internal to your organization using its FQDN after connecting to the VPN, which won't be possible if you use a client-side DNS.
Best Regards,
Hi @unknown1020,
What is your DNS server on the FortiGate? The main difference is that if the FortiGate is using public DNS and you need the SSL VPN client to resolve internal DNS, then this cannot be done. In this case you need to point to an internal DNS server for the VPN client to resolve internal FQDNs such as AD service.
Regards,
Minh
Hi @unknown1020,
The DNS option depends on your network requirements. "Same as client system dns" means VPN clients will continue to use their local DNS obtained from their home Wi-Fi/network. In that case, they won't be able to access internal resources behind the FortiGate through the VPN using a domain name (only an IP address will work).
If you have a DNS server in your network behind the FortiGate, you can specify it so that users will be able to access internal resources behind the FortiGate through the VPN using a domain name/FQDN. That is an advantage.
Regards,