I'm able to connect to ping my server and access local system last week, but today I tried to connect it shows error DNS resolve failed. I did not make any changes and this error has been solved, why got this error again? I cant ping my server in command prompt and access the local system now. My current version of FortiClient VPN is 7.2.3.0929, is it because of the updates?
Please help. Thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @pxiannie,
I can see that you are using public DNS servers. Do you have split tunneling enabled?
Regards,
No, I didnt enabled. I disabled the tunnel mode split tunneling. The DNS split tunneling also didnt enabled.
If split tunneling is disabled, that means DNS traffic will go through the FortiGate. Please run debug flow by following this article to see if the traffic is being dropped: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Regards,
Created on 02-05-2024 12:13 AM Edited on 02-05-2024 12:14 AM
Hi @hbac ,
I run diag debug flow trace start 100 and it show me message "Denied by forward policy check (policy 0)" , but I did set my service to all for firewall policy.
That means you don't have a firewall policy to allow traffic from ssl.root to ppp2. Please check your policy.
Regards,
have you tried enabling the DNS DB ?
FortiGate DNS server | FortiGate / FortiOS 6.2.13 | Fortinet Document Library
No, because prevously I did not set also able to ping server
That would enable a full DNS server in the FG, that you need to maintain.
Here's what we do, that works:
Put internal DNS servers in the SSL-VPM Settings
Enable Split-Tummel, Policy Based
Then your client will use the PC's local DNS servers when accessing the internet, and your internal DNS servers when asking for sites based over the VPN (as specified in the FW rule in Destination)
Created on 02-05-2024 09:15 PM Edited on 02-06-2024 01:21 AM
Hi @Jakob-AHHG ,
I did put internal DNS servers in SSL VPN Settings.
This is how I set my SSL VPN Portal, does the routing address override set correctly?
Here is my firewall policy
Updated:
I'm able to ping my server ip address after I set the routing address override to ssl vpn address. But why still not able to ping my servername?
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.