I have split tunnel and split dns set up. When I vpn in I can see that my dns servers are set to what is defined in the split tunnel configuration. However, when I try to do a dns lookup the response shows me the dns server from the split tunnel but then gives me "Request timed out".
If I change the Firewall rule to do NATing of the SSL VPN connection DNS lookups work fine.
Does this mean I need a firewall rule allowing ssl.root to access the dns servers?
Solved! Go to Solution.
They must be missing something. Keep pushing them with the fact you couldn't see those packets on the virtual FGT side. Not your problem.
Toshi
AWS support says I did put in the routes correctly.
They must be missing something. Keep pushing them with the fact you couldn't see those packets on the virtual FGT side. Not your problem.
Toshi
As you suggested I did open a second case in the account where the fortigate is with AWS linking it back to my other case where the transit gateway is. I am going to force their hand.
AWS did come back and give me an answer.
What I have is an AWS Organization which is composed of many accounts in AWS connected together. Sadly, if you open a ticket with AWS support they are only able to look at the account the ticket was opened in. My original ticket was opened in the account where the Transit Gateways exist. But the FortiGates are in a different account. Support asked me to open a ticket in the account where the FortiGates exist too so they could see both sides of the Transit Gateway.
Initially I created a route on the Transit Gateway telling it that the route for my VPN Clients could be found on Transit Gateway attachment XYZ. So that took the packets to the correct VPC but then it was lost. Support then had me add a route for the VPN Clients in the VPC pointing to the ENI of the Fortigate.
After creating this everything worked.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1771 | |
1116 | |
766 | |
447 | |
242 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.