Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FG_User
New Contributor

Internal DNS name resolution not working

We' re using SSL VPN with split tunneling enabled. In the VPN DNS and WINS server names I put our two systems which provide those services. However when using the bookmarks or connection tool I cannot connect via the name of the system. Neither hostname or FQDN works. Only via IP. Obviously most users don' t know the IPs of the systems.
14 REPLIES 14
FG_User
New Contributor

I guess if there was some way to make sure streaming media from VPN users didn' t hose our system that' d be ok to turn it off. My main goal was to keep any unnecessary traffic/resources off the units. Especially if a home user' s system is messed up and has malware using it to send smtp traffic or something else. You get the gist. Why send youtube traffic over the vpn, right?
Carl_Wallmark
Valued Contributor

1. What is the point of the SSL VPN DNS settings then? they are for tunnel mode, not web mode.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
FG_User
New Contributor

@SELECTIVE: go figure. of course dns under ssl vpn would only apply to a piece of it and the other would apply somewhere else :) Any thoughts on Q#2?
Carl_Wallmark
Valued Contributor

@SELECTIVE: go figure. of course dns under ssl vpn would only apply to a piece of it and the other would apply somewhere else :)
well, i can agree that it seems weird, but if you think about it, it makes sense, in tunnel mode you are assigned an ip, dns, wins. in web mode you are not assigned anything, so the fortigate have to look it up by itself, and therefore using its own dns settings. Q2: i do that alot, havent found a reason why i shouldn`t

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
jpereira
New Contributor

I just ran in to the same problem myself. I put my internal dns servers in but it was not until I also added the local domain under Network --> DNS -->DNS Settings that it was able to work properly. My SSL Bookmarks are now resolving properly as are entries that I put in the connection tool as hostnames. I am also using split tunneling and that is functioning properly as well.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors