Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

DNS SSL VPN setting

good morning friends.
One question, I am currently implementing an ssl vpn on a FortiGate machine.
In the DNS Server option, is it advisable to specify the DNS of the client ? or is it the same as using the "Same as client system dns" option. What would be the advantage of using specific DNS.


Hi @unknown1020 ,


When you specify "same as client system dns" it will retain the Client's existing DNS settings and FGT will not push the DNS configuration to clients once its is connected to SSL VPN/


If you specify a DNS explicitly, it may help you resolve both internal and external hostnames which otherwise won't be possible if using a Local Client side DNS. Maybe you need to access a resource which are internal to your organization using its FQDN after connecting to the VPN which won't be possible if you use a client side DNS.


Best Regards,



Hi @unknown1020,

What is your DNS server on FortiGate? The main difference is if Fortigate using public DNS and you need SSL VPN client to resolve internal DNS then this cannot be done. In this case you need to point to internal DNS server for VPN client to resolve internal FQDN such as AD service.



Hi @unknown1020,


DNS option depends on your network requirements. "Same as client system dns" means VPN clients will continue to use their local DNS obtained from their home wifi/network. In that case, they won't be able to access internal resources behind the FortiGate through the VPN using domain name (only IP address will work). 


If you have a DNS server in your network behind the FortiGate, you can specify it so that users will be able to access internal resources behind the FortiGate through the VPN using domain name/FQDN. That is an advantage. 



Top Kudoed Authors