Hello,
I have been trying to find a way to set up the Fortigate 60D as the Primary DNS in the NIC card on a PC connected to the router without success. I want to do this so I only have one place to change the DNS if I have the need.
Thank You,
Joe
JoeBucar wrote: Hello,
Thank you for the response. I do not see that option for assigning ports in Network --> DNS Servers.
Did you first enable the DNS Database option from the "System>Config>Features>" menu?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Hello,
Yes I did.
Thank You,
Joe
Hello,
First I want to thank you guys for your help. It made me look at things again and closer. I was able to set the internal interface to use the system DNS successfully. My problem was that I did not see Internal in the dropdown.
Once again Thanks,
Joe
JoeBucar wrote: My problem was that I did not see Internal in the dropdown.
Don't be confused if you can't see "Internal" in the drop-down menu; choose the interface "facing your local network". In some Fortigate models you can't see Internal but rather Port1, Port2, Port3 and so on... Hope it helps.
Fortigate Newbie
Hello,
A question came up that I did not know how to answer. I will have different ISPs on WAN1 and WAN2. Let's say that WAN1 dies and WAN2 becomes active. The question is: how do the devices on the internal ports know that WAN2 is active?
Thank You,
Joe
That's the beauty of failover... they don't have to know. As long as you have either:
-set up wan-link load balancing (in 5.2.x) or
-separate but similar rules between internal and WAN1, and internal and WAN2,
--static routes out to their respective gateways with different balances (different distances if you want full failover, different priorities if you want a more complex setup like load balancing), and
--Dead Gateway detect rules,
the Fortinet will failover seamlessly.
Back to the original question though...
If we set up internal to Forward to System DNS:
1) Will it use port 8888 like the box itself does (if that port option is set)?
2) If the system DNS is set to Fortinet's DNS servers themselves, is Fortinet OK with getting a lot of generic web traffic requests?
Our WAN failovers are hitting a snag because we have AD servers behind the boxes, and we have to set up DNS forwarders in this order:
Primary_ISP_DNS1
Secondary_ISP_DNS1
Primary_ISP_DNS2
Secondary_ISP_DNS2
Reason being, at many of our sites the ISP does not allow port 53 traffic out of their network (or allow 53 requests into their network from another). Setting the server to point to the Fortinet, and having those packets leave on port 8888, solves all of that.