Hello
We are running into issues with FQDNs we enter in the address section of the Fortigate resolving to different IPs than our client computers.
I did some research and found the articles that talk about matching the client and firewall DNS servers.
Currently our Fortigate is configured with Fortiguard DNS servers. I suppose I could change those to manually point to our internal DNS servers, but am I losing out on some security? We use QUAD9 internally as a DNS forwarder for our internal domain hosted DNS. I could also change the Fortigate to QUAD9 as well and I think that might accomplish the same thing.
Any thoughts?
Hello @Envious3821
If internal FQDN resolution is critical for your FortiGate, consider pointing the FortiGate to your internal DNS servers and ensuring your internal DNS forwards to QUAD9.
Articles to refer to:
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/960561/fortigate-dns-server
https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/960561/fortigate-dns-server
This approach ensures you maintain internal domain resolution. In terms of security, it largely depends on how you are securing your network and DNS traffic. FortiGate offers DNS over TLS (DoT) on port 853, providing encrypted DNS queries. However, if you decide to use your internal DNS server or any other external server, you can use the following article:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-Cloudflare-DNS-with-DNS-over-T...
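As an added illustration (not from either poster, and not Fortinet's documentation), here is FortiOS 7.x CLI for the two options the reply describes: point the FortiGate at the same internal resolvers the clients use, or send the FortiGate's own lookups to Quad9 over DNS over TLS. The 10.0.0.x addresses and the app.example.com object are constructed placeholders; the Quad9 addresses and hostname are Quad9's published ones, and the FortiOS version is an assumption.

```fortios
# Option 1: resolve FQDN address objects with the same internal DNS servers the
# clients use, so the FQDN object and the client resolve identical IPs.
# 10.0.0.53 / 10.0.0.54 are constructed placeholders for the internal resolvers
# (which in turn forward to Quad9, as the original poster describes).
config system dns
    set primary 10.0.0.53
    set secondary 10.0.0.54
    set protocol cleartext
end

# Option 2: send the FortiGate's own lookups straight to Quad9 over DNS over TLS
# (TCP/853); the server certificate is validated against the published hostname.
config system dns
    set primary 9.9.9.9
    set secondary 149.112.112.112
    set protocol dot
    set server-hostname "dns.quad9.net"
end

# Placeholder FQDN address object of the kind whose resolution was mismatching.
config firewall address
    edit "app.example.com"
        set type fqdn
        set fqdn "app.example.com"
    next
end

# Show what the FortiGate actually resolved for its FQDN objects, then compare
# with a client lookup against the same resolver to confirm they now agree.
diagnose firewall fqdn list
```

The `#` lines are explanatory comments for the reader; paste only the `config ... end` blocks and the `diagnose` command into the CLI.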