Andrew_C
New Contributor

Fortiddns On 2 WAN

Hi Everyone,
I've configured 2 FortiDDNS on 2 WANs in a 60F (using SD-WAN for failover), but I can't access the FW using either one. I use the same configuration in a 61E (also using SD-WAN for failover) and both work. Is something missing in the configuration?
Thanks for help.
Toshi_Esumi
SuperUser

Are those IPs matching between the IPs wan1/wan2 currently have and the IPs the FQDNs (like xxxx and yyyy.fortiddns.com) resolve to? For the latter, you can see them in GUI under Network->DNS in FortiGuard DDNS section, or simply ping the FQDNs from a cmd window.

Toshi

rvillaroman
Staff

Having DDNS on 2 WAN connections for redundancy may work but is not recommended, as it would take time for the IP to get updated.
Kindly check this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiDDNS-priority-of-monitor-interfaces/t...

If you are unable to access the firewall using the DDNS, could you check if this DDNS resolves to your public address?
If you are using a custom admin-sport to access the FortiGate, make sure that it is added to the URL as well.

rvillaroman
Andrew_C

Hi rvillaroman, both DDNS names resolve to the corresponding public IP address and can also be pinged.

After disabling either wan1 or wan2, I can access the FW using the corresponding FQDN. I don't know why.

hbac
Staff

Hi @Andrew_C,

As suggested by Toshi_Esumi, please make sure the FQDN is resolving to the correct IP address. Also, if you want to access the FortiGate GUI, make sure you have HTTPS enabled under administrative access of both wan interfaces.

Regards,

Andrew_C
New Contributor

Hi hbac, both DDNS names resolve to the corresponding public IP address and can also be pinged, and HTTPS is enabled on both wan interfaces.

After disabling either wan1 or wan2, I can access the FW using the corresponding FQDN. I don't know why.

hbac

@Andrew_C,

What is the firmware version?

Regards,

rvillaroman
Staff

Hi @Andrew_C,

Are you using a custom admin-sport or only the default 443?
If you are using a custom admin-sport, kindly use it in the URL.

Also, is your FortiGate accessible using the corresponding public IP address?

If it is also not accessible by using its corresponding public IP address, you might have a VIP configured on your device that is catching the GUI access requests.

Best Regards,

rvillaroman
Andrew_C

Hi rvillaroman, the default 443 is used, and if both WANs are enabled, I can't access the FW using either the FQDN or the IP address.

rvillaroman

Do you have any VIPs configured on the FW?
If yes, are you using your public IP on these external-to-internal mappings?

If you have, make sure that you are not using 443.

rvillaroman
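
The VIP check rvillaroman describes, as an added example (not from the thread or from Fortinet): a Python script that parses a FortiOS-style config excerpt and lists the VIPs on a WAN address that would take the admin HTTPS port. The config text, addresses and function names are constructed; it assumes exact `extip` matches and treats a VIP without port forwarding as covering all ports.

```python
import re
# Constructed FortiOS-style excerpt; names and addresses are sample values.
SAMPLE_CONFIG = """
config system global
    set admin-sport 443
end
config firewall vip
    edit "web-srv"
        set extip 203.0.113.10
        set portforward enable
        set extport 443
        set mappedip "192.168.1.10"
    next
    edit "rdp-srv"
        set extip 198.51.100.20
        set portforward enable
        set extport 3389
    next
    edit "dmz-host"
        set extip 198.51.100.20
        set mappedip "192.168.2.5"
    next
end
"""

def admin_port(config):
    """Return the admin HTTPS port; 443 when admin-sport is not set."""
    m = re.search(r"^\s*set admin-sport (\d+)", config, re.M)
    return int(m.group(1)) if m else 443

def parse_vips(config):
    """Return {vip_name: {setting: value}} from the 'config firewall vip' block."""
    block = re.search(r"^config firewall vip\n(.*?)^end", config, re.M | re.S)
    text = block.group(1) if block else ""
    vips = {}
    for name, body in re.findall(r'edit "([^"]+)"\n(.*?)^\s*next', text, re.M | re.S):
        vips[name] = {k: v.strip('"') for k, v in re.findall(r"set (\S+) (.+)", body)}
    return vips

def vips_catching_admin(config, wan_ips):
    """List VIPs on a WAN IP whose external port (or port range) includes the
    admin port; a VIP without port forwarding is assumed to map every port."""
    port, hits = admin_port(config), []
    for name, s in parse_vips(config).items():
        if s.get("extip") not in wan_ips:
            continue
        lo, _, hi = s.get("extport", "").partition("-")
        if s.get("portforward") != "enable" or (lo and int(lo) <= port <= int(hi or lo)):
            hits.append(name)
    return hits
```

Calling `vips_catching_admin(SAMPLE_CONFIG, {"203.0.113.10", "198.51.100.20"})` flags `web-srv` (explicit 443) and `dmz-host` (no port forwarding), but not `rdp-srv`.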