Hello,
I am working on a FortiGate 600D v5.2.3, build 4944. I cannot get the local DNS I configured on the unit to work through a transparent VDOM, even though it works fine when I plug my computer into an interface in the NAT VDOM.
In my configuration, the traffic both in and out goes through the transparent VDOM, but I use the F600D as a DHCP server and, hopefully, a DNS server. For both of these options, it seems that I have to configure them in the NAT VDOM and communicate with them using VDOM links.
I got the DHCP server to work by:
- giving specific IPs to the virtual interfaces on the NAT side of the VDOM link, and (unrelated) configuring them as ip helper-addresses on the router that connects to the F600D
- creating policies to allow DHCP requests between the virtual interfaces on the transparent side of the VDOM link and the physical interface configured on the transparent VDOM
I did the same for the DNS, but the DNS never replies when I talk to it through the transparent VDOM, for example when I ping a random URL. A packet capture on the NAT interface of the VDOM link shows that the DNS request does arrive there, but no responses are ever sent. When I plug my computer into a physical interface in the NAT VDOM and I ping a URL, the DNS will resolve the URL to an IP address if it knows it.
I tried to show these two scenarios on the small diagram attached to this post. I can copy-paste my CLI configuration for the DHCP server and the DNS server/database if you wish.
Thanks for your help!
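To make the setup described in the post concrete, here is an added FortiOS 5.2-style CLI fragment that is not the poster's configuration and was not posted in the thread. It assumes a NAT VDOM named `root`, a transparent VDOM named `TP`, a VDOM link named `vlink` (which creates the interfaces `vlink0` and `vlink1`), a client-facing physical interface `port1` in the transparent VDOM, the client subnet 10.1.1.0/24 behind an upstream router at 192.168.100.254, and a zone `lab.example` with one host; all of those names and addresses are assumptions chosen for illustration. It shows the pieces that usually have to line up for the local DNS to answer through the transparent VDOM: the DNS database and the per-interface DNS service in the NAT VDOM, a route back to the client subnet through the VDOM link (DNS replies are unicast to the client's IP and follow the NAT VDOM's routing table, unlike DHCP offers), and policies in both directions in the transparent VDOM.

```fortios
# --- NAT VDOM: VDOM link, addressing, DNS database and DNS listener (assumed names) ---
config global
    config system vdom-link
        edit "vlink"
        next
    end
    config system interface
        edit "vlink0"
            set vdom "root"
            set ip 192.168.100.1 255.255.255.0
            set allowaccess ping
        next
        edit "vlink1"
            set vdom "TP"
        next
    end
end

config vdom
    edit root
        # Local zone served by the unit ("shadow" view keeps it internal-only).
        config system dns-database
            edit "lab"
                set domain "lab.example"
                set type master
                set view shadow
                config dns-entry
                    edit 1
                        set type A
                        set hostname "srv1"
                        set ip 10.1.1.20
                    next
                end
            next
        end
        # The DNS service must be enabled on the interface the queries arrive on,
        # i.e. the NAT side of the VDOM link, not only on a physical port.
        config system dns-server
            edit "vlink0"
                set mode recursive
            next
        end
        # Return route for the (assumed) client subnet that sits behind the
        # transparent VDOM; without it the reply to 10.1.1.x has nowhere to go.
        config router static
            edit 10
                set dst 10.1.1.0 255.255.255.0
                set gateway 192.168.100.254
                set device "vlink0"
            next
        end
    next
end

# --- Transparent VDOM: allow DNS/DHCP toward the link and the replies back ---
config vdom
    edit TP
        config firewall policy
            edit 1
                set srcintf "port1"
                set dstintf "vlink1"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "DNS" "DHCP"
            next
            edit 2
                set srcintf "vlink1"
                set dstintf "port1"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "DNS" "DHCP"
            next
        end
    next
end
```

To check which side is dropping the reply, capture on both ends of the link from the global context, for example `diagnose sniffer packet vlink0 'port 53' 4` and `diagnose sniffer packet vlink1 'port 53' 4`: a query on `vlink0` with no answer points at the NAT VDOM (DNS service not bound to `vlink0`, or no route back to the client subnet), while an answer on `vlink0` that never appears on `port1` points at the transparent VDOM's policies.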