
How to protect DNS traffic - DNS filter?

How does the FortiGate DNS filter work? Blocking UDP DNS request-answers URLs-IPs?

If I have...


1) Site A: Computers in this site connect to a local router with a local internet connection. The DNS server setting of the computers is a FortiGate 100E in site B.

2) Site B: Computers in this site connect to its local FortiGate 100E (all FortiGuard security subscriptions). The FortiGate DNS server is active here. The DNS server setting of the computers is the FG100E. The FG100E connects to the Internet locally in this site.


All works: a computer in site A sends a DNS request to its DNS server in the FG100E (Site B)... works. Note: HTTP/HTTPS internet traffic doesn't flow between sites, only DNS traffic.


Question: can I protect computers in site A from malware by blocking bad DNS URLs, C&C, botnets...? Only with this FortiGate device in site B? Can I protect site A by using DNS filter settings in Site B, in the FG100E? Note: sending all internet traffic to site B is not an option, only DNS traffic.


Because OpenDNS works in this way, right? How to protect a group of different branches? DNS traffic? As OpenDNS does, but only with Fortinet? Can I send all DNS traffic from branches to HQ and then filter there?





