DNS of SSL-VPN
Dears,
I recently configured SSL-VPN on my FortiGate 40F.
The connection is successful on my iPhone.
However, I found that I can only connect to our internal NAS/server using its private IP, like 192.168.3.x.
I have set the A record of our NAS/server with their private IP but it does not work.
Can you advise what I should do to connect to our internal NAS/server with its FQDN?
Thank you.
Hi,
You can either,
or set an internal DNS server which can resolve the FQDN,
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-DNS-servers-per-SSL-VPN-Portal... with https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-DNS-suffix-for-VPN-SSL-and-IPse...
Hi, I tried the second approach but the CLI said:
command parse error before 'dns-server1'
Command fail. Return code -61
It seems the command changed?
Created on 10-20-2024 07:36 AM Edited on 10-20-2024 07:40 AM
Where/when does the error pop up? The article says under the SSL web portal; I don't know if it still works like that, I always do it under the SSL settings.
You should configure the DNS server under the SSL VPN settings alongside the dns-suffix in order to resolve the short name.
Hi funkylicious
I have settings in the GUI like this:
Please advise me if I have missed any setting. Thank you.
Hi,
Those settings are relevant for the device.
The ones that you need are configured in the CLI, config vpn ssl settings.
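An added example, not part of the thread and not Fortinet's own text: the tunnel-wide DNS settings this reply points to. The DNS server address and the suffix are placeholders, and the option names assume a FortiOS release that exposes them under config vpn ssl settings.

```fortios
# Added example with placeholder values; replace them with your own.
# dns-server1: internal DNS server holding the A records for the NAS/server.
# dns-suffix: appended to short names, so "nas" is looked up as "nas.example.local".
config vpn ssl settings
    set dns-server1 192.168.3.53
    set dns-suffix "example.local"
end
```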
Dear @YHC
If you could connect to the fully qualified domain (hostname.fully_qualified_domain.local), then your issue is with the DNS suffix.
Please add DNS Suffix on your SSL VPN configuration.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-DNS-suffix-for-VPN-SSL-and-IPse...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-DNS-Suffix-per-SSL-VPN-Portal/ta-p/277180
Arnold Dimailig
TAC Engineer
Dear @adimailig
I cannot connect to the fully qualified domain (hostname.fully_qualified_domain.local).
I have also added DNS suffix on my SSL VPN configuration.
Do you have any advice?
Thank you.
Dear All,
I just realized that the issue only happened on my iPhone.
I have no problems when using Windows to connect by FQDN.
If using iPhone, I can only connect by private IP, not FQDN.
From your iPhone device, can you do ping or nslookup of the hostname?
If the iPhone device could not resolve the name, it seems to be a limitation of the iPhone.
In addition, there are forums saying that DNS from VPN (iOS) won't be applied if you have split tunnel enabled.
https://community.zyxel.com/en/discussion/17951/problem-with-iphone-vpn-dns
Arnold Dimailig
TAC Engineer