Probably since Thursday, when our VPN (FortiClient 7.0.7.0245) is connected we have the local DNS assigned, but when trying to access or ping some internal services/servers it doesn't resolve.
Tried using the command below and got our local DNS server:
scutil --dns | grep 'nameserver\[[0-9]*\]'
When I use nslookup with a hostname it also does resolve to an IP.
Any ideas what could be wrong?
Thanks,
I believe you are hitting the known issue
863431: On macOS 13, FortiClient does not use internal DNS for SSL VPN tunnel.
https://docs.fortinet.com/document/forticlient/7.2.0/macos-release-notes/124818/known-issues
The fix is expected in upcoming FortiClient versions.
I guess scutil --dns shows some DNS servers before the one that was added by VPN.
If the first DNS server responds with "record not found" then I think the host will not send the request to the remaining DNS server. It will only send to the second if the first doesn't respond at all (DNS server down).
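An added example, not part of any post in this thread: a small Python parser for `scutil --dns` output that lists the unscoped resolvers in order and reports where the VPN-assigned DNS server sits, which the grep from the question does not show. The sample output, interface names and addresses are constructed.

```python
import re

# Constructed sample of `scutil --dns` output (private/example addresses only).
SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)

resolver #2
  nameserver[0] : 10.10.0.53
  nameserver[1] : 10.10.0.54
  if_index : 14 (utun3)

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)
  flags    : Scoped, Request A records
"""

def parse_resolvers(text):
    """Return resolvers from the first (unscoped) section, in listed order."""
    resolvers, cur = [], None
    for line in text.splitlines():
        if line.startswith("DNS configuration (for scoped"):
            break  # scoped resolvers only apply to interface-bound queries
        if re.match(r"resolver #\d+", line):
            cur = {"nameservers": [], "iface": None}
            resolvers.append(cur)
        elif cur is not None:
            m = re.match(r"\s*nameserver\[\d+\]\s*:\s*(\S+)", line)
            if m:
                cur["nameservers"].append(m.group(1))
            m = re.match(r"\s*if_index\s*:\s*\d+\s*\((\S+)\)", line)
            if m:
                cur["iface"] = m.group(1)
    return resolvers

def vpn_dns_position(text, vpn_dns):
    """0-based position of vpn_dns among all unscoped nameservers, or -1."""
    flat = [ns for r in parse_resolvers(text) for ns in r["nameservers"]]
    return flat.index(vpn_dns) if vpn_dns in flat else -1

if __name__ == "__main__":
    print(parse_resolvers(SAMPLE), vpn_dns_position(SAMPLE, "10.10.0.53"))
```

On a Mac, feed it the real output with `subprocess.run(["scutil", "--dns"], capture_output=True, text=True).stdout` in place of `SAMPLE`.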
We tried different versions of FortiClient (6.4.9.1460, 7.0.7.0245 and 7.2.0.0655) and none of them was working.
Tried to erase all data and settings. Tried to downgrade macOS to Catalina (10.15.7) and it worked, then upgraded to Monterey 12.6.5 and it was working. When upgraded to Ventura 13.3.1 DNS was no longer resolving hostnames.
Seems like the issue is macOS version related (macOS Ventura) and hostnames cannot be resolved.
I had the same issue.
Worked for me. (v7.0.9)
Thanks bro! You saved my day!
Best!
Thank you!
I spent 4 hours investigating the root cause and finding the solution.
Works for v7.2.4.
This information would be useful on the page with known issues
https://docs.fortinet.com/document/forticlient/7.2.4/macos-release-notes/124818/known-issues
Hi,
Double-check the local DNS server address you have assigned. Make sure it is correct and accessible. You can do this by running the following command in the command prompt or terminal:
The problem may be that the VPN server is not forwarding DNS requests for internal services and servers correctly. Check your VPN settings to ensure that DNS queries are correctly forwarded to your local DNS server. It's also worth checking that internal services and servers have the correct DNS records and are accessible through the VPN.