Seeking a Fortinet solution to replace our Umbrella DNS Advantage for remote users.
The goal is to enforce DNS filtering for all remote users, regardless of whether or not they are on/off VPN. Forticlient doesn't support the DNS filtering profile (only on Gates).
My research comes up with the following potential solutions. Looking for any other comments or suggestions.
User on prem = use DNS filter on the gate
Remote user on FCT/EMS = force always-on vpn and make sure DNS traffic is routed over the tunnel and DNS Filter profile is applied to a FW policy
Remote user on SASE = force always-on and apply the DNS Filter profile in the SASE POP.
Thanks all,
Don
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
FortiSASE is a good option as clients internet traffic don't have to go through the FortiGate.
Regards,
You can configure FortiGate as a DNS server to listen for DNS queries and have them apply a DNS filter for both on-prem and off-prem users without the use of a VPN.
Hope that helps.
Kind Regards,
Bijay Prakash Ghising
thanks Bijay......that's a good option.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.