Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Yerlik
New Contributor

Mobile app for VPN

Good morning! I have issue about my mobile vpn for fortigate, it doesn't resolve DNS name. I checked all the settings, everything is fine, the DNS server is specified, but the mobile application does not see them.I can connect by IP address but not by domain name. here is my problem, I ask you to help

7 REPLIES 7
adimailig
Staff
Staff

Hi @Yerlik 

May I verify if you want DNS resolution of the private domain?
You may try to configure DNS suffix on SSL VPN or IPSEC VPN.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-DNS-suffix-for-VPN-SSL-and-IPse...

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**

Best Regards,

Arnold Dimailig
TAC Engineer
Yerlik

i think you don't understand me, i am talking about when i connect to VPN by ForticlientVPN for mobile I can't reach web resources by DNS name, but with ip adresses it's openning

adimailig

Hi Yerlik,

Are you using IPSEC VPN or SSL VPN?
Is split-tunneling enabled or disable? 
Does your mobile device get the DNS Server IP after you connect to VPN?

Best Regards,

Arnold Dimailig
TAC Engineer
sw2090
SuperUser
SuperUser

I came accross similar behaviour when on a dial up vpn I did set domain and dns servers but the dns mode wasn't set to manual. DNS mode for whatever reason is not available on gui (except from FortiManager gui) but only on cli.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
hbac
Staff
Staff

Hi @Yerlik,

 

Are you referring to SSL or IPsec VPN? After you connected, can you check if the mobile device has the correct DNS server IP address? 

 

Regards, 

Yerlik
New Contributor

Hello, i connected via SSL VPN

 

sw2090
SuperUser
SuperUser

Also keep in mind that this is split dns. That means when you enable DNS on your VPN you should also enter a domain. Only FQDN related to this domain will be resolved over the VPN DNS.

I still don't understand why this still is not mandatory in FortiOS...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors