Forticlient MAC - DNS not resolving internal hostnames
Probably since Thursday, when our VPN (FortiClient 7.0.7.0245) is connected we have the local DNS assigned, but when trying to access or ping some internal services/servers it doesn't resolve.
Tried using command below and got our local DNS server
scutil --dns | grep 'nameserver\[[0-9]*\]'
When I use nslookup with the hostname, it also does resolve to an IP.
Any ideas what could be wrong?
Thanks,
I believe you are hitting the known issue
863431 | On macOS 13, FortiClient does not use internal DNS for SSL VPN tunnel. |
https://docs.fortinet.com/document/forticlient/7.2.0/macos-release-notes/124818/known-issues
The fix is expected in upcoming Forticlient versions.
Suraj
I guess scutil --dns shows some DNS servers before the one that was added by VPN.
If the first DNS server responds with "record not found" then I think the host will not send the request to the remaining DNS servers. It will only send to the second if the first doesn't respond at all (DNS server down).
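
To check the ordering described in the reply above, here is an added example (not part of the thread, and not Fortinet code) that parses `scutil --dns` output and prints the nameservers listed ahead of the VPN-assigned one. The function names, the sample output and all addresses in it are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `scutil --dns` output (addresses are made up).
sample_scutil_dns() {
cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)
  flags    : Request A records

resolver #2
  nameserver[0] : 10.20.0.53
  if_index : 14 (utun2)
  flags    : Request A records

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)
  flags    : Scoped, Request A records
EOF
}

# Print "resolver-number nameserver-ip" for the unscoped section only;
# parsing stops at the "for scoped queries" header.
list_nameservers() {
  awk '
    /^DNS configuration \(for scoped queries\)/ { exit }
    /^resolver #/ { sub(/^resolver #/, ""); r = $0 + 0; next }
    /nameserver\[[0-9]+\]/ { print r, $NF }
  '
}

# Print the servers listed ahead of the given VPN-assigned server.
# Exit status is 1 if that server is not in the unscoped list at all.
servers_before() {
  list_nameservers | awk -v vpn="$1" '
    $2 == vpn { found = 1; exit }
    { print $2 }
    END { exit !found }
  '
}
```

On a Mac with the tunnel up, source the file and run `scutil --dns | servers_before <VPN DNS IP>`; empty output with exit status 0 means the VPN server is listed first.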
We tried different versions of FortiClient (6.4.9.1460, 7.0.7.0245 and 7.2.0.0655) and none of them was working.
Tried to erase all data and settings. Tried to downgrade macOS to Catalina (10.15.7) and it worked, then upgraded to Monterey 12.6.5 and it was working. When upgraded to Ventura 13.3.1, DNS was no longer resolving hostnames.
Seems like the issue is macOS version related (macOS Ventura) and hostnames cannot be resolved.
I had the same issue.
- Look for the vpn.plist file (something like this: /Library/Application Support/Fortinet/FortiClient/conf/vpn.plist)
- Open it (sudo vim "/Library/Application Support/Fortinet/FortiClient/conf/vpn.plist")
- Change the property "InheritLocalDNS" from 0 to 1
- Save and close
Worked for me. (v7.0.9)
Thanks bro! You saved my day!
Best!
Thank you!
I spent 4 hours investigating the root cause and finding the solution.
Works for v7.2.4.
This information would be useful on the page with known issues
https://docs.fortinet.com/document/forticlient/7.2.4/macos-release-notes/124818/known-issues
Hi,
Double-check the local DNS server address you have assigned. Make sure it is correct and accessible. You can do this by running the following command in the command prompt or terminal:
BR,
The problem may be that the VPN server is not forwarding DNS requests for internal services and servers correctly. Check your VPN settings to ensure that DNS queries are correctly forwarded to your local DNS server. It's also worth checking that internal services and servers have the correct DNS records and are accessible through the VPN.
