Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiConnect
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDB
- FortiDDoS
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Error not seeing SDNS IP configuration for For...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Error not seeing SDNS IP configuration for Fortiguard on Fortigate 7.4.4
Dear team,
I have DNS Filter configuration and have full license. But when configuring SDNS for fortigruad, I don't see the command to configure.
Please help me, I am integrating remote access on DNS filter
Thanks team
Labels:
- Labels:
-
FortiGate
-
FortiGuard
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you have the DNS Filter configuration with a full license and are trying to configure Secure DNS (SDNS) on FortiGate with FortiGuard but do not see the command to configure, there are a few things that could be happening:
1. FortiOS Version:
Ensure that you are using a FortiOS version that supports SDNS. Some FortiOS versions might not include certain commands for DNS filtering or SDNS.
To check your version, use the following CLI command:
bash
Copy code
get system status
This will show your FortiOS version. Ensure that it's up to date as certain features might only appear in newer versions.
2. FortiGuard DNS Filtering (SDNS) License Activation:
Make sure your FortiGuard DNS Filtering license is activated properly. You can verify that your FortiGate is licensed to use FortiGuard DNS services by checking:
#get system FortiGuard
Look for the status of "FortiGuard Web Filter" and "FortiGuard DNS Filter" to ensure they are enabled.
3. Configuring Secure DNS (SDNS) via CLI:
If you’re trying to configure SDNS specifically for FortiGuard DNS filtering, and you don’t see the command in the graphical interface, you can use the CLI. Usually, the SDNS configuration would be part of the DNS settings or the DNS filter profile setup.
Enable DNS Filtering: If not already done, go to Security Profiles → DNS Filter and make sure that the FortiGuard DNS filtering is enabled in your profile.
Configure DNS Server with SDNS: In some cases, SDNS can be manually configured in the FortiGate by defining a specific DNS server that supports SDNS (FortiGuard or others).
Use the following commands in the CLI:
config system dns
set primary <Primary DNS IP Address>
set secondary <Secondary DNS IP Address> # If available
set dns-over-tls enable # This enables DNS over TLS (SDNS)
end
If you don’t see dns-over-tls or dns-over-https in the command options, your FortiGate model or FortiOS version might not support it.
Assign DNS Filter to a Policy: After creating a DNS Filter profile (including the FortiGuard category-based filtering), apply it to a security policy. Use the following commands:
config firewall policy
edit <Policy ID>
set dnsfilter-profile "<Your DNS Filter Profile>"
next
end
4. Troubleshooting:
Command Missing in CLI: If you're sure that SDNS should be supported on your device but still don't see the command, try updating the firmware to the latest stable version of FortiOS. FortiGate frequently adds new features and commands in newer versions.
FortiGuard Connectivity: Ensure that your FortiGate can communicate with FortiGuard servers. Check the connectivity with:
diag debug rating
This will show the status of the FortiGuard server connectivity. If FortiGuard servers aren’t reachable, the SDNS feature might not function properly.
DNS Over HTTPS (DoH): If your goal is to configure DNS over HTTPS (DoH) instead of DNS over TLS (DoT), check if the option is available in your FortiOS version. If DoH support is available, you might need to specify a specific DNS over HTTPS provider.
Related link: DDNS | FortiGate / FortiOS 7.4.4 | Fortinet Document Library
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Multicast Issue in Layer 2: VLC... 73 Views
- Error not seeing SDNS IP configuration... 75 Views
- Issues with TCP Syslog Logs on... 131 Views
- Telnet - non default port 217 Views
- High CPU Usage on FortiGate VM02... 197 Views
Labels
-
FortiGate
8,088 -
FortiClient
1,624 -
5.2
801 -
FortiManager
682 -
5.4
639 -
FortiAnalyzer
518 -
FortiSwitch
427 -
FortiAP
427 -
6.0
416 -
FortiClient EMS
366 -
5.6
362 -
FortiMail
301 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
189 -
SSL-VPN
179 -
FortiNAC
164 -
IPsec
154 -
6.4
128 -
FortiGuard
126 -
FortiGateCloud
98 -
FortiSIEM
94 -
FortiCloud Products
94 -
SD-WAN
89 -
FortiToken
86 -
Customer Service
74 -
Wireless Controller
74 -
FortiAuthenticator
70 -
4.0MR3
64 -
Firewall policy
59 -
FortiProxy
53 -
Fortivoice
50 -
FortiEDR
50 -
FortiADC
49 -
FortiExtender
43 -
VLAN
42 -
FortiDNS
41 -
High Availability
41 -
FortiSandbox
39 -
ZTNA
37 -
FortiGate v5.4
35 -
Routing
35 -
LDAP
34 -
FortiSwitch v6.4
33 -
DNS
33 -
BGP
32 -
SAML
31 -
Certificate
30 -
Interface
29 -
SSO
27 -
NAT
27 -
FortiConnect
26 -
FortiConverter
25 -
Authentication
25 -
FortiWAN
24 -
RADIUS
24 -
FortiLink
24 -
FortiGate v5.2
23 -
VDOM
23 -
Application control
21 -
Web profile
21 -
Virtual IP
20 -
Fortigate Cloud
19 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
Logging
18 -
Traffic shaping
17 -
FortiMonitor
16 -
FortiPAM
16 -
FortiDDoS
15 -
FortiGate v5.0
14 -
SSL SSH inspection
14 -
OSPF
13 -
FortiCASB
12 -
SSID
12 -
Admin
12 -
IP address management - IPAM
12 -
FortiManager v5.0
11 -
Automation
11 -
Static route
11 -
WAN optimization
11 -
Web application firewall profile
11 -
FortiSOAR
10 -
FortiRecorder
10 -
SNMP
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
System settings
9 -
FortiManager v4.0
8 -
FortiBridge
8 -
RMA Information and Announcements
8 -
IPS signature
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
Security profile
7 -
Traffic shaping policy
7 -
Port policy
7 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Fabric connector
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiDeceptor
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Antivirus profile
4 -
Traffic shaping profile
4 -
Application signature
4 -
DLP sensor
4 -
Email filter profile
4 -
Netflow
4 -
Web rating
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Replacement messages
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
API
2 -
FortiNDR
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
Service
2 -
Zone
2 -
Cloud Management Security
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1519 | |
| 1019 | |
| 749 | |
| 443 | |
| 209 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.