Hi Everyone,
There is no "DNS Filter" forum group, so I am posting to "Web Filter" group.
I am using FG60E with Firmware v6.0.3 build0200.
I need DNS traslation feature.
First, I could not show it on GUI.
Second, I tried CLI:
config dnsfilter profile
edit "default"
config dns-translation
then I have got a error message,
command parse error before 'dns-translation'
Does it mean I can not use this feature on this FG60E model?
Or is it related to the inspection mode?
Is that feature only available in "proxy" inspection mode?
Then how can we set the inspection mode to "proxy" only with "DNS Filter" profile?
Thank you for any of your guidance.
I think you're looking at the 6.2 docs. This is a new feature for 6.2. See https://docs.fortinet.com/document/fortigate/6.2.0/new-features/200751/dns-add-dns-translation-to-dn....
In 6.0 dns translation is more in config firewall dnstranslation, and config firewall vip - set type dns-translation.
When I am trying to create a new VIP, "Type" is fixed to "Static NAT". So there is no option for "dns-translation".
When I do
config firewall dnstranslation
set src { }
set dst { }
the helper text indicates that "src" (resolved name by DNS) should be from the internal network, and "dst" should be from the external network. But what I need is reverse way, i.e., "src" will be the resolved address from DNS which is one of the IP from our WAN interface subnet, and "dst" will be the internal address for local host server.
Will it work ?
Sorry, I haven't used dnstranslation myself.
Is this still related to getting name resolution for your servers resolving to local IPs instead of the public IPs, per https://forum.fortinet.com/tm.aspx?m=175458? Would it be okay to use the FortiGate as a simple DNS server? You could just create DNS servers for your internal LAN interfaces, set the DNS server as recursive, and map your servers to their local IPs. Just don't set it as authoritative. This is what I've done at one of our locations. See https://docs.fortinet.com/document/fortigate/6.0.5/handbook/646332/dns under Configuring a Recursive DNS, and/or Split DNS.
Thank you tanr,
I will go with Recursive DNS you just mentioned.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.