Patrick3
New Contributor

FortiClient 5.0.4 Mac OSX and DNS Suffix

Hello, It appears that the FortiClient 5.0.4 for Mac OSX does not properly pull down and apply the DNS search suffix settings configured on the FortiGate 100D firewall. Our Windows clients are pulling the DNS search settings fine but not the Macs. I called tech support but the Fortinet rep said it was an issue with Mac OSX. I don't think it is an issue with OSX as it was working with one of the other 5.0.x firmware versions on the firewall. Anyone else have any feedback on this problem? Kind regards,
kolawale_FTNT

Please explain how FortiClient is related to the DNS settings. Are you connecting to the FortiGate using VPN? If yes, please provide both the FortiOS and the FortiClient configuration files. If not connecting by VPN, explain how it was determined that the issue you posted is caused by FortiClient. If you shut down FortiClient on the Mac OS X client, would the DNS settings be correctly received?
Patrick3
New Contributor

Yes, this is specifically regarding users connecting via the SSL VPN client / portal. The DNS servers and domain suffix search settings are pushed to the client in Windows but in OSX the DNS search suffix never gets pushed. I'll try and post the configs later but keep in mind that the config works fine for Windows and that Fortinet support people said the config on the firewall is ok.
emnoc
Esteemed Contributor III

I will check on my unit, but don't recall anything being pushed either to the MACOSX. I will post whatever I find later.

PCNSE NSE StrongSwan
emnoc
Esteemed Contributor III

MACOSX Lion, no go either.

    #
    # This file is automatically generated.
    #
    nameserver 8.8.8.8
    nameserver 8.8.4.4
    #
    # Mac OS X Notice
    #
    # This file is not used by the host name and address resolution
    # or the DNS query routing mechanisms used by most processes on
    # this Mac OS X system.
    #
    # This file is automatically generated.
    #

I even changed stuff around and re-tried

    nameserver 8.8.7.7
    nameserver 8.8.4.4

    cat /etc/resolv.conf
    #
    # Mac OS X Notice
    #
    # This file is not used by the host name and address resolution
    # or the DNS query routing mechanisms used by most processes on
    # this Mac OS X system.
    #
    # This file is automatically generated.
    #
    domain #####
    nameserver #######
    nameserver #######
    nameserver #######

And the config used;

    config vpn ssl settings
        set dns-server1 8.8.8.8
        set dns-server2 8.8.4.4
        set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
        set tunnel-ipv6-pools "SSLVPNpool1"
        set dns-suffix "example.com"
        set ipv6-dns-server1 2001:4860:4860::8888
        set ipv6-dns-server2 2001:4860:4860::8844
    end

forticlient used;

PCNSE NSE StrongSwan
kolawale_FTNT

emnoc, When using:
    set dns-suffix "example.com"
in your FortiOS configuration, did you find that, after FortiClient has established an SSL VPN connection, you were able to ping a name in that domain? For instance,
    ping mail
gets resolved to mail.example.com? Is "example.com" included in the output of the command "scutil --dns" on your Mac OS X?
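
The check asked for in the last reply, as an added example that is not part of the thread: a shell helper that reads `scutil --dns` output on stdin and reports whether a given suffix is listed as a search domain on any resolver. The function names and the two sample texts are constructed for illustration; `/etc/resolv.conf` is not consulted because, as its own notice quoted above says, most processes on Mac OS X do not use it.

```shell
#!/bin/sh
# Added example (not from the thread). Parses `scutil --dns` text on stdin.
# On the Mac:  scutil --dns | has_search_domain example.com && echo pushed

# search_domains: print "<resolver> <domain>" for every search-domain entry.
search_domains() {
    awk '
        $1 == "resolver" { resolver = $2 }        # header line: resolver #1
        $1 == "search" && $2 ~ /^domain\[/ {      # search domain[0] : example.com
            dom = tolower($4)
            sub(/\.$/, "", dom)                   # ignore a trailing root dot
            print resolver, dom
        }
    '
}

# has_search_domain SUFFIX: exit 0 if any resolver lists SUFFIX, else 1.
has_search_domain() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    want=${want%.}
    search_domains | awk -v want="$want" '$2 == want { hit = 1 } END { exit !hit }'
}

# Constructed samples in the layout scutil --dns prints; not captured output.
SAMPLE_PUSHED='DNS configuration

resolver #1
  search domain[0] : example.com
  nameserver[0] : 8.8.8.8
  nameserver[1] : 8.8.4.4
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
'

SAMPLE_MISSING='DNS configuration

resolver #1
  nameserver[0] : 8.8.8.8
  nameserver[1] : 8.8.4.4
  flags    : Request A records
'
```

Running it before and after the SSL VPN tunnel comes up shows whether the suffix from `set dns-suffix` reached the system resolver configuration.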