Fortigate 60D as Primary DNS
Hello,
I have been trying to find a way to set up the Fortigate 60D as the Primary DNS in the NIC card on a PC connected to the router without success. I want to do this so I only have one place to change the DNS if I have the need.
Thank You,
Joe
Hello,
Thank you for the response. I do not see that option for assigning ports in Network --> DNS Servers.
Thank You,
Joe
JoeBucar wrote: Hello,
Thank you for the response. I do not see that option for assigning ports in Network --> DNS Servers.
Did you first enable the DNS Database option from the "System>Config>Features>" menu?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Hello,
Yes I did.
Thank You,
Joe
Hello,
First I want to thank you guys for your help. It made me look at things again and closer. I was able to set the internal interface to use the system DNS successfully. My problem was that I did not see Internal in the dropdown.
Once again Thanks,
Joe
JoeBucar wrote: My problem was that I did not see Internal in the dropdown.
Don't be confused if you can't see "Internal" in the drop-down menu; choose the interface "facing your local network". In some Fortigate models you can't see Internal but rather Port1, Port2, Port3 and so on... Hope it helps.
Fortigate Newbie
Hello,
A question came up that I did not know how to answer. I will have different ISPs on WAN1 and WAN2. Let's say that WAN1 dies and WAN2 becomes active. The question is: how do the devices on the internal ports know that WAN2 is active?
Thank You,
Joe
That's the beauty of failover... they don't have to know. As long as you have either:
- set up wan-link load balancing (in 5.2.x), or
- separate but similar rules between internal and WAN1, and internal and WAN2,
  - static routes out to their respective gateways with different balances (different distances if you want full failover, different priorities if you want a more complex setup like load balancing), and
  - Dead Gateway detect rules,
the Fortinet will fail over seamlessly.
Back to the original question though...
If we set up internal to Forward to System DNS:
1) Will it use port 8888 like the box itself does (if that port option is set)?
2) If the system DNS is set to Fortinet's DNS servers themselves, is Fortinet OK with getting a lot of generic web traffic requests?
Our WAN failovers are hitting a snag because we have AD servers behind the boxes, and we have to set up DNS forwarders in this order:
Primary_ISP_DNS1
Secondary_ISP_DNS1
Primary_ISP_DNS2
Secondary_ISP_DNS2
Reason being, at many of our sites the ISP does not allow port 53 traffic out of their network (or allow 53 requests into their network from another). Setting the server to point to the Fortinet, and having those packets leave on port 8888, solves all of that.