I have a hub-and-spoke VPN setup with DNS on the hub network. Spoke network domain devices are provisioned by DHCP with our DNS. Any domain-joined device can resolve DNS without issue. I have some Android devices on the spoke side which will not resolve. The devices work perfectly when on the hub side of the VPN. Any suggestions on how I could force these to resolve?
That's interesting. Can the Android devices ping the DNS server? Are they assigned a different subnet on the firewall than the domain-joined devices? Are you using identity-based rules that the Android devices wouldn't match? Do you see the correct DNS server on the Android device after DHCP has occurred?