YHC
New Contributor III

DNS of SSL-VPN

Dears,

 

I recently configured SSL-VPN on my Fortigate 40F.

The connection is successful on my iPhone.

However, I found that I can only connect to our internal NAS/server using its private IP, like 192.168.3.x.

I have set the A record of our NAS/server with their private IP, but it does not work.

Can you advise what I should do to connect to our internal NAS/server with its FQDN?

Thank you.

funkylicious
SuperUser

"jack of all trades, master of none"
YHC
New Contributor III

Hi, I tried the second approach but the CLI said:

 

command parse error before 'dns-server1'
Command fail. Return code -61

 

It seems the command changed?

funkylicious

Where/when does the error pop up? The article says it is under the SSL web portal; I don't know if it still works like that, I always do it under the SSL settings.

You should configure the DNS server under the SSL VPN settings alongside the dns-suffix in order to resolve the short name.

 

config vpn ssl settings
    set dns-server1 <>
end
"jack of all trades, master of none"
YHC
New Contributor III

Hi funkylicious

 

I have settings in the GUI like this:

Please advise me if I have missed any setting.  Thank you.

[Two screenshots attached: Screenshot 2024-10-21 07.16.55.png, Screenshot 2024-10-21 07.17.16.png]

funkylicious

Hi,
Those settings are relevant for the device.

The ones that you need are configured in the CLI, config vpn ssl settings.

"jack of all trades, master of none"
adimailig
Staff

Dear @YHC 

If you could connect to the fully qualified domain (hostname.fully_qualified_domain.local), then your issue is with the DNS suffix.
Please add DNS Suffix on your SSL VPN configuration.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-DNS-suffix-for-VPN-SSL-and-IPse...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-DNS-Suffix-per-SSL-VPN-Portal/ta-p/277180


Best Regards,

Arnold Dimailig
TAC Engineer
YHC
New Contributor III

Dear @adimailig

 

I cannot connect to the fully qualified domain (hostname.fully_qualified_domain.local).

I have also added DNS suffix on my SSL VPN configuration.

 

Do you have any advice?

Thank you.

 

YHC
New Contributor III

Dear All,

 

I just realized that the issue only happens on my iPhone.

I have no problems when using Windows to connect by FQDN.

If using the iPhone, I can only connect by private IP, not FQDN.

adimailig

From your iPhone device, can you do a ping or nslookup of the hostname?
If the iPhone device could not resolve the name, it seems to be a limitation of the iPhone.
In addition, there are forum posts saying that DNS from the VPN (iOS) won't be applied if you have split tunnel enabled.
https://community.zyxel.com/en/discussion/17951/problem-with-iphone-vpn-dns

Best Regards,

Arnold Dimailig
TAC Engineer
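
The troubleshooting logic from this thread (does the FQDN resolve, does the short name resolve) as a small client-side check; this is an added example, not part of any reply above and not Fortinet code. The host label `nas`, the suffix `corp.example.local`, the address `192.168.3.20` and the verdict names are constructed assumptions.

```python
import socket


def resolve(name):
    """Return the sorted IPv4 addresses the OS resolver gives for name, or []."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except (socket.gaierror, UnicodeError):
        return []
    return sorted({info[4][0] for info in infos})


def diagnose(short_name, suffix, resolver=resolve):
    """Classify name resolution as seen by a connected VPN client.

    short_name: host label, e.g. "nas" (constructed)
    suffix:     DNS suffix the VPN should push, e.g. "corp.example.local"
    resolver:   callable name -> list of IPs, injectable so this runs offline
    """
    # A trailing dot makes the name absolute, so no search suffix is appended.
    fqdn = f"{short_name}.{suffix}."
    fqdn_ips = resolver(fqdn)
    short_ips = resolver(short_name)
    if not fqdn_ips:
        # The internal A record is not visible: the client is not querying
        # the internal DNS server, or the record is missing. A short name that
        # still resolves here (mDNS, NetBIOS) does not change that.
        verdict = "check-dns-server"
    elif not short_ips:
        # FQDN works, short name does not: the search suffix is not applied.
        verdict = "check-dns-suffix"
    else:
        verdict = "ok"
    return {"fqdn": fqdn_ips, "short": short_ips, "verdict": verdict}


if __name__ == "__main__":
    # Constructed resolver views for three clients; no network access is used.
    internal = {"nas.corp.example.local.": ["192.168.3.20"]}
    with_suffix = dict(internal, nas=["192.168.3.20"])
    views = {"no internal DNS": {}, "DNS only": internal, "DNS + suffix": with_suffix}
    for label, table in views.items():
        result = diagnose("nas", "corp.example.local", lambda n, t=table: t.get(n, []))
        print(f"{label:16} {result}")
```

Calling `diagnose()` without the `resolver` argument on a connected client uses that machine's own resolver.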