Hi,
We have configured SSL VPN portals for different users. On these portals we have DNS split tunneling enabled and have configured two domain controllers inside, but the DNS on one of these domain controllers is undergoing maintenance and is turned off. So we changed the order of these DNS servers so that the primary DNS is the currently working DNS server, but this is not working: the client always gets the turned-off DNS server in the first position and the working one as secondary. Now in the FortiGate log I see that DNS resolutions are going to the turned-off DNS server all the time, and because of that SSL VPN users do not get local DNS resolution; all requests are pushed to the internet.
The DNS server ending with .202 is the working one; .102 is turned off.
On the client side, ipconfig:
Ethernet adapter Ethernet 3:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Fortinet SSL VPN Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 00-09-0F-AA-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1d66:e7c1:3ea5:7560%8(Preferred)
   IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 687868175
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-E1-1E-42-54-05-DB-32-AF-59
   DNS Servers . . . . . . . . . . . : 192.168.96.188
                                       x.x.x.102
                                       x.x.x.202
   NetBIOS over Tcpip. . . . . . . . : Enabled
On the FortiGate, DNS requests are coming only to the turned-off DNS server x.x.x.102.
Hello Tutek,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello Tutek,
Could you please tell me if this KB article is helping you?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Split-DNS-support-for-SSL-VPN/ta-p/194766
Regards,