Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
pxiannie
New Contributor III

Created on ‎02-01-2024 01:07 AM Edited on ‎02-01-2024 01:10 AM

How to solve DNS resolve failed problem when connect to SSL VPN?

I'm able to connect to ping my server and access local system last week, but today I tried to connect it shows error DNS resolve failed. I did not make any changes and this error has been solved, why got this error again?  I cant ping my server in command prompt and access the local system now. My current version of FortiClient VPN is 7.2.3.0929, is it because of the updates?

 

Screenshot 2024-02-01 170224.png

Screenshot 2024-02-01 170430.png
Please help. Thanks!

 

FortiClient 
FortiGate 

Labels:
6206
0 Kudos
22 REPLIES 22
jera
Staff
Staff
In response to pxiannie

Created on ‎02-15-2024 10:03 PM

Hello @pxiannie ,

Your internal DNS server IP should be the assigned IP of your Windows Server where you enabled the DNS service and configured your internal domain.

 

If you are able to resolve internal domain using your LAN network, you can check the ipconfig of your endpoint connected to LAN and verify the DNS IP configured.  

That IP should be configured under your SSLVPN settings. 

 

You can also try running the command below from LAN connected endpoint, to verify the internal DNS.

nslookup www.example.com (internal domain).

 

JE
1908
Nchandan
Staff
Staff

Created on ‎02-06-2024 08:24 PM

Hello pxiannie!

 

Kindly create a test policy from ssl.root to ppp2 as incoming and outgoing interface and destination as all and check if you can ping.

2097
pxiannie
New Contributor III
In response to Nchandan

Created on ‎02-06-2024 09:49 PM Edited on ‎02-06-2024 10:02 PM

Hi @Nchandan ,

I got 2 ip address for ppp2, I'm using the 180.XXX.XXX.XXX one as my ssl vpn remote gateway. Is it the S* 0.0.0.0/0 [5/0] via 10.233.65.32, ppp2, [1/0] should be  S* 0.0.0.0/0 [5/0] via 180.XXX.XXX.XXX, ppp2, [1/0] ? I dont know what 10.233.65.32 refer to because I didn't found it in interface. My virtual wan-link only have member wan1 and the second pp2 ip address. Is the first ppp2 refer to the ip of virtual wan link? I create policy from ssl.root to virtual wan link but still not able to ping.

Screenshot 2024-02-07 134416.png
Regards,

2075
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.