Hi
Fortigate 101F
Version 7.6.0
I'm trying to reduce the TTL for a number of fqdn addresses by setting the cache-ttl on the address object itself.
When the default cache-ttl is set to 0, and also the global setting for fqdn-cache-ttl is set to 0, it is using 2400 seconds - which I assume is from the DNS query response. (The Fortigate is configured to use our DCs for DNS.)
To overcome this, I have set the cache-ttl to 60 under the FQDN type address object, but it continues to use the 2400 timer?
I am checking this by using the command: diag test app dnsproxy 6
Any help much appreciated.
Hi,
Did you get a chance to check this article?
Did you try this setting?
config system dns
set fqdn-cache-ttl 2000
end
Or this one:
config firewall address
edit "FQDN_s3-fips.us-gov-west-1.amazonaws.com/"
set type fqdn
set fqdn "s3-fips.us-gov-west-1.amazonaws.com"
set cache-ttl 86400 <----- Default value is 0.
next
end
What is the firmware version?