Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Andrew_C
New Contributor

Created on ‎05-22-2024 08:08 PM

Fortiddns On 2 WAN

Hi Everyone,
I've configured 2 fortiddns on 2 wan in 60F (use SDWAN for failover) but I can't access FW using either one. I use the same configuration in 61E (also use SDWAN for failover) both can work. Is something missed in the configuration ?
Thanks for help.
Labels:
1005
0 Kudos
17 REPLIES 17
Toshi_Esumi
SuperUser
SuperUser

Created on ‎05-22-2024 09:43 PM Edited on ‎05-23-2024 07:42 AM

Are those IPs matching between the IPs wan1/wan2 currently have and the IPs the FQDNs (like xxxx and yyyy.fortiddns.com) resolve to? For the latter, you can see them in GUI under Network->DNS in FortiGuard DDNS section, or simply ping the FQDNs from a cmd window.

Toshi

598
rvillaroman
Staff
Staff

Created on ‎05-22-2024 10:09 PM

Having DDNS on 2 WAN connection for redundany may work but not recommended as it would take time for the IP to get updated. 
Kindly check this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiDDNS-priority-of-monitor-interfaces/t...

 

If you are unable to access the firewall using the DDNS could you check if this DDNS resolves to your public address?
If you are using custom admin-sport to access the Fortigate, make sure that it is added on the url as well.

rvillaroman
590
Andrew_C
New Contributor
In response to rvillaroman

Created on ‎05-25-2024 09:12 PM

Hi rvillaroman, both ddns can resolve to the corresponding public ip address and also can ping.

After disable either wan1 or wan2, I can access the FW using the corresponding fqdn. I don't know why ?

483
0 Kudos
hbac
Staff
Staff

Created on ‎05-23-2024 09:01 AM

Hi @Andrew_C

 

As suggested by Toshi_Esumi, please make sure the FQDN is resolving to the correct IP address. Also, if you want to access the FortiGate GUI, make sure you have HTTPS enabled under administrative access of both wan interfaces. 

 

Regards, 

534
0 Kudos
Andrew_C
New Contributor
In response to hbac

Created on ‎05-25-2024 09:15 PM

Hi hbac, both ddns can resolve to the corresponding public ip address and also can ping, https has enabled on both wan interfaces.

After disable either wan1 or wan2, I can access the FW using the corresponding fqdn. I don't know why ?

476
0 Kudos
hbac
Staff
Staff
In response to Andrew_C

Created on ‎05-27-2024 05:52 AM

@Andrew_C,

 

What is the firmware version? 

 

Regards, 

328
0 Kudos
rvillaroman
Staff
Staff

Created on ‎05-25-2024 09:25 PM Edited on ‎05-25-2024 09:25 PM

Hi @Andrew_C,

 

Are you using custom admin-sport or only default 443?
If you are using custom admin-sport, kindly use it on the URL.

 

Also, is your Fortigate accessible using the corresponding public IP address?

 

If it is also not accessible by using its corresponding public IP address, you might have a VIP configured on your device that is catching the GUI access requests.

 

Best Regards,

rvillaroman
469
0 Kudos
Andrew_C
New Contributor
In response to rvillaroman

Created on ‎05-25-2024 09:45 PM Edited on ‎05-25-2024 09:47 PM

Hi rvillaroman, default 443 is used and if both wan are enabled, I can't access the fw even using fqdn or ip address.

462
0 Kudos
rvillaroman
Staff
Staff
In response to Andrew_C

Created on ‎05-25-2024 10:54 PM

Do you have any VIPs configured on the FW? 
If yes, are you using your public IP on these external-to-internal mappings?

 

If you have, make sure that you are not using 443. 

 

rvillaroman
439
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.