How to solve DNS resolve failed problem when connecting to SSL VPN?
I was able to connect and ping my server and access the local system last week, but today when I tried to connect it shows the error "DNS resolve failed". I did not make any changes and this error had been solved, so why did I get this error again? I can't ping my server in the command prompt or access the local system now. My current version of FortiClient VPN is 7.2.3.0929; is it because of the updates?
Please help. Thanks!
Labels: FortiClient, FortiGate
Hi @pxiannie,
I can see that you are using public DNS servers. Do you have split tunneling enabled?
Regards,
No, I didn't enable it. I disabled the tunnel mode split tunneling. The DNS split tunneling is also not enabled.
If split tunneling is disabled, that means DNS traffic will go through the FortiGate. Please run debug flow by following this article to see if the traffic is being dropped: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Regards,
Created on 02-05-2024 12:13 AM Edited on 02-05-2024 12:14 AM
Hi @hbac ,
I ran diag debug flow trace start 100 and it shows me the message "Denied by forward policy check (policy 0)", but I did set my service to all for the firewall policy.
That means you don't have a firewall policy to allow traffic from ssl.root to ppp2. Please check your policy.
Regards,
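The check described in the reply above, as an added example that is not part of the original thread: a Python sketch that reads saved debug flow output and, for every trace that ends in a forward-policy deny, reports the ingress and egress interface pair that lacks a matching policy. The sample lines are constructed in the usual debug flow layout, and the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the usual debug flow line layout (not output from this thread).
SAMPLE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5783 msg="vd-root:0 received a packet(proto=17, 192.0.2.10:51000->198.51.100.53:53) from ssl.root."
id=20085 trace_id=1 func=init_ip_session_common line=5955 msg="allocate a new session-0001a2b3"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-198.51.100.1 via ppp2"
id=20085 trace_id=1 func=fw_forward_handler line=640 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5783 msg="vd-root:0 received a packet(proto=1, 192.0.2.10:1->10.0.0.5:2048) from ssl.root. type=8, code=0, id=1, seq=1."
id=20085 trace_id=2 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-10.0.0.5 via internal"
id=20085 trace_id=2 func=fw_forward_handler line=811 msg="Allowed by Policy-7:"
"""

LINE = re.compile(r'trace_id=(\d+) .*?msg="(.*)"')
PKT = re.compile(r'received a packet\(proto=(\d+), ([\d.]+):(\d+)->([\d.]+):(\d+)\)'
                 r'.* from (\S+)\.(?:\s|$)')
ROUTE = re.compile(r'find a route: .* via (\S+)')
DENY = re.compile(r'Denied by forward policy check \(policy (\d+)\)')


def denied_flows(text):
    """Return one summary dict per trace that ended in a forward-policy deny."""
    traces = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        t, msg = traces[int(m.group(1))], m.group(2)
        if (p := PKT.search(msg)):
            # Ingress interface and 5-tuple come from the first line of a trace.
            t.update(proto=int(p.group(1)), src=p.group(2), dst=p.group(4),
                     dport=int(p.group(5)), in_if=p.group(6))
        elif (r := ROUTE.search(msg)):
            # Egress interface chosen by the routing lookup.
            t["out_if"] = r.group(1)
        elif (d := DENY.search(msg)):
            t["denied_by_policy"] = int(d.group(1))
    return [dict(trace_id=tid, **t) for tid, t in sorted(traces.items())
            if "denied_by_policy" in t]


if __name__ == "__main__":
    for f in denied_flows(SAMPLE):
        print(f"trace {f['trace_id']}: {f['src']} -> {f['dst']}:{f['dport']} "
              f"proto {f['proto']} denied by policy {f['denied_by_policy']}; "
              f"no policy from {f.get('in_if')} to {f.get('out_if')}")
```
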
Have you tried enabling the DNS DB?
FortiGate DNS server | FortiGate / FortiOS 6.2.13 | Fortinet Document Library
No, because previously I did not set it and was also able to ping the server.
That would enable a full DNS server in the FG, that you need to maintain.
Here's what we do, that works:
Put internal DNS servers in the SSL-VPN Settings
Enable Split-Tunnel, Policy Based
Then your client will use the PC's local DNS servers when accessing the internet, and your internal DNS servers when asking for sites based over the VPN (as specified in the FW rule in Destination)
IT System Admin,
Arp-Hansen Hotel Group A/S, Copenhagen, DK
Created on 02-05-2024 09:15 PM Edited on 02-06-2024 01:21 AM
Hi @Jakob-AHHG ,
I did put internal DNS servers in SSL VPN Settings.
This is how I set my SSL VPN Portal; is the routing address override set correctly?
Here is my firewall policy
Updated:
I'm able to ping my server IP address after I set the routing address override to the SSL VPN address. But why am I still not able to ping my server name?
Regards,