Tutek
Contributor

SSL VPN DNS order

Hi,

We have configured SSL VPN portals for different users. On these portals we have DNS split tunneling enabled and have configured two domain controllers inside, but the DNS on one of these domain controllers is undergoing maintenance and is turned off, so we changed the order of these DNS servers so that the primary DNS is the currently working DNS server. But this is not working: the client keeps getting the turned-off DNS server in the first position and the working one as secondary. Now in the FortiGate log I see that DNS resolutions are going to the turned-off DNS server all the time, and because of that SSL VPN users do not get local DNS resolution; all requests are pushed to the internet.

The DNS server ending with .202 is the working one; .102 is turned off.

On the client side, ipconfig:
Ethernet adapter Ethernet 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Fortinet SSL VPN Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 00-09-0F-AA-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1d66:e7c1:3ea5:7560%8(Preferred)
IPv4 Address. . . . . . . . . . . : 
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 
DHCPv6 IAID . . . . . . . . . . . : 687868175
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-E1-1E-42-54-05-DB-32-AF-59
DNS Servers . . . . . . . . . . . : 192.168.96.188
                                    x.x.x.102
                                    x.x.x.202
NetBIOS over Tcpip. . . . . . . . : Enabled

On the FortiGate, DNS requests are coming only to the turned-off DNS server x.x.x.102.

Anthony_E
Community Manager

Hello Tutek,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello Tutek,

Could you please tell me if this KB article is helping you?

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Split-DNS-support-for-SSL-VPN/ta-p/194766

Regards,

Anthony-Fortinet Community Team.