Have a hub-and-spoke VPN setup with DNS on the hub network. Spoke network domain devices are provisioned by DHCP with our DNS. Any domain-joined device can resolve DNS without issue. I have some Android devices on the spoke side which will not resolve. The devices work perfectly when on the hub side of the VPN. Any suggestions how I could force these to resolve?
That's interesting, can the Android Devices ping the DNS server? Are they assigned a different subnet on the firewall than the domain joined devices? Are you using Identity based rules that the Android devices wouldn't match? Do you see the correct DNS server on the Android device after DHCP has occurred?
Replying to all your questions
Android Devices ping the DNS server? Yes by IP
Are they assigned a different subnet on the firewall than the domain joined devices? No same subnet
Are you using Identity based rules that the Android devices wouldn't match? No
Do you see the correct DNS server on the Android device after DHCP has occurred? Yes, working perfectly by IP only.
I can hit everything by IP. But domain names do not resolve.
You need to specify which DNS servers the clients receive when they are allocated their VPN IP address when they connect.
The DNS servers are my local domain DNS on my hub network. I have tested the same devices with this DNS configuration without the IPSEC VPN and they work.
Android------Spoke-FW---------IPSecVPN---------Hub-FW-------DNS-Server
I assume this is the simple topology. Can you run a sniffer on the Hub FW and confirm whether the DNS requests are reaching the Hub-FW or DNS-Server via the VPN?