For current patch levels of FortiOS 5, there are some features left out with the smaller units (below 60C). One of these is the local DNS server (DNS database) on a 40C, as reported here: https://forum.fortinet.com/FindPost/91108 But that would not touch your problem - DNS forwarding has to be functional or else the FGT would not be able to serve as DHCP/DNS/gateway in small networks. So, my suspicion is that this setting is CLI only. Apart from that, running 4.3.14 on the 40C isn' t such a bad idea, after all. Rock solid and not too resource intensive. Forum Search is not limited in scope - dunno how you set it up but you can select " all entries" in the " within" parameter field.
config system dns-server edit <intf_name> set mode {forward-only | non-recursive | recursive} end endStraight from the v5.0 CLI Guide, pg. 507.
ORIGINAL: ede_pfau And what about this?And I think it' s also " great" that I have to waste time checking the 5.0 manual just to find that it doesn' t work as supposed... Nowhere I see it mentioned that the 40C has reduced features now. Thomas.config system dns-server edit <intf_name> set mode {forward-only | non-recursive | recursive} end endStraight from the v5.0 CLI Guide, pg. 507.
ORIGINAL: ede_pfau I don' t think it doesn' t work on a 40C. Release Notes would have mentioned this. How come you' re so sure that the 40C doesn' t have this feature? As I see it, there are 2 ways to proceed now: 1. Open a support ticket and let Fortinet fix this. 2. Try to track down the failure, kind of like this: you state that " it doesn' t work" - how do you notice? Are there any error messages (in the CLI)? If you deduct this from what you observe how DNS requests are not answered, did you debug this? Are requests coming in, going out, being replied to? I do have a 40C laying around here but hesitating to rig it up for this...that' s where option #1 comes in. Fortinet support ain' t helpless.Thank you, you must be thinking I' m clueless... I opened a support ticket and they told me just those CLI commands and when I told them that they only produce an error they finally wrote that " further research" showed them that those commands do not exist in 40C Fortigates anymore since 5.0. The firewall simply ignores DNS requests from clients on the internal or external network. And yes - I wasted a lot of time reading the release notes and 5.0 manual just to find out that the mentioned functions were removed without notice or release warning. Thomas.
FWF40C3911000XXX # config system dns? dns dns configuration dns-database dns-database dns-server dns-server FWF40C3911000XXX # config system dns The system is going down NOW !! Please stand by while rebooting the system. Restarting system. ü FortiWifi-40C (11:21-11.28.2011) Ver:04000004 Serial number: FWF40C3911000XXX CPU(00): 525MHz Total RAM: 512MB Initializing boot device... Initializing MAC... nplite#0 Press any key to display configuration menu... ...... Reading boot image... 1718752 bytes. Initializing firewall... System is starting... FWF40C3911000XXX login: admin Password: Welcome ! FWF40C3911000XXX # config system d? ddns Configure DDNS. dhcp Configure DHCP. dhcp6 Configure DHCPv6. dns Configure DNS. FWF40C3911000XXX # config system d?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
And yes - I wasted a lot of time reading the release notes and 5.0 manual just to find out that the mentioned functions were removed without notice or release warning.If you use the search link (at the top of this page) you will see older complaints about this and other items removed from the 40C. For me it was the VDOMs. I originally bought the 40C (last year) with the intent of using it for studying for the FCNSA/FCNSP exams -- the 40C was smallest unit (at the time) to support VDOMS. If I had known at that time that features on (4.0. MR3) was going to be removed when upgrading to 5.0, I would have likely gone with a 60C.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.