DNS resolution
Hi guys,
Need some help figuring out this DNS issue.
Scenario:
1) On-prem FortiGate is connected to AWS via IPsec tunnel.
2) On-prem Windows-based DNS server is configured on the FortiGate and everything is working fine
3) Using SSL VPN for remote users to connect to the network
4) Able to reach on-prem and AWS resources
5) NOT able to resolve AWS DNS names when connected via SSL VPN (split tunnel)
6) nslookup is able to resolve the web address and show the correct on-prem DNS server
7) Still not able to access the website; curl command also shows no result
If anyone has a suggestion as to why this is happening, I would greatly appreciate that. Thanks.
Hi
If I understand your issue well, I think the fastest way to fix this is to add AWS DNS as secondary DNS in your SSL VPN settings.
Hi, I tried that already. It doesn't work. I added the AWS DNS to port DNA settings.
Have you added a firewall policy to allow this DNS traffic from VPN clients to AWS?
You may also need to add a route back on AWS to reach your VPN clients.
After that, disconnect the client, then connect again, then try nslookup from the client to send a DNS query from the client to AWS.
