Fortiddns On 2 WAN
Do the IPs that wan1/wan2 currently have match the IPs that the FQDNs (like xxxx and yyyy.fortiddns.com) resolve to? For the latter, you can see them in the GUI under Network->DNS in the FortiGuard DDNS section, or simply ping the FQDNs from a cmd window.
Toshi
Having DDNS on 2 WAN connections for redundancy may work but is not recommended, as it would take time for the IP to get updated.
Kindly check this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiDDNS-priority-of-monitor-interfaces/t...
If you are unable to access the firewall using the DDNS, could you check if this DDNS resolves to your public address?
If you are using a custom admin-sport to access the FortiGate, make sure that it is added to the URL as well.
Hi rvillaroman, both DDNS names can resolve to the corresponding public IP address and can also be pinged.
After disabling either wan1 or wan2, I can access the FW using the corresponding FQDN. I don't know why.
Hi @Andrew_C,
As suggested by Toshi_Esumi, please make sure the FQDN is resolving to the correct IP address. Also, if you want to access the FortiGate GUI, make sure you have HTTPS enabled under administrative access on both WAN interfaces.
Regards,
Hi hbac, both DDNS names can resolve to the corresponding public IP address and can also be pinged, and HTTPS is enabled on both WAN interfaces.
After disabling either wan1 or wan2, I can access the FW using the corresponding FQDN. I don't know why.
Hi @Andrew_C,
Are you using a custom admin-sport or only the default 443?
If you are using a custom admin-sport, kindly use it in the URL.
Also, is your FortiGate accessible using the corresponding public IP address?
If it is also not accessible using its corresponding public IP address, you might have a VIP configured on your device that is catching the GUI access requests.
Best Regards,
Created on 05-25-2024 09:45 PM Edited on 05-25-2024 09:47 PM
Hi rvillaroman, the default 443 is used, and if both WANs are enabled, I can't access the FW even using the FQDN or IP address.
Do you have any VIPs configured on the FW?
If yes, are you using your public IP on these external-to-internal mappings?
If you have, make sure that you are not using 443.