SSL Web Clients Can't Resolve Internal Host Machines?
SSL web clients can access the internal machines by IP on our 100D fine but can't resolve internal machine names.
Is this by design or am I missing some permissions etc. somewhere?
The 100D is configured under SSL with our internal DNS server. It just hangs on the RDP box on the Windows client if you attempt to connect by hostname?
James Manor
6 REPLIES
Last I heard, DNS resolution was not carried to the endpoint with the SSL VPN product. Each machine has to have that edited in the configuration on the workstation side manually. Please, someone correct me if I'm wrong. (I'm good at that! Actually getting used to eating humble pie!)
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
How come it has specific DNS settings for SSL web clients if they don't apply?
Seems the SSL VPN clients can't read the firewall objects either as the hosts have name mappings on the Fortigate.
If you create a bookmark with a hostname in the SSL portal it won't resolve either. Even though the hostname is listed under firewall objects.
Maybe this might be fixed in a later build...
James Manor
Got it working - the DNS settings shown above play no part in SSL client name resolution.
SSL clients use the Fortigate system DNS servers. I had these pointing to Google at 8.8.8.8 hence no internal name resolution.
James Manor
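The fix reported in the post above, turned into a check over a FortiGate configuration backup (an added example, not part of the thread and not Fortinet code). It flags public system DNS servers, which the thread says are what SSL web clients use. The config excerpt is constructed, `10.0.0.10` is a placeholder internal DNS server, and treating the SSL VPN DNS field as `dns-server1` under `config vpn ssl settings` is an assumption.

```python
import ipaddress
import re

# Constructed FortiGate config excerpt; 10.0.0.10 is a placeholder internal DNS server.
BEFORE = """\
config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
end
config vpn ssl settings
    set dns-server1 10.0.0.10
end
"""
AFTER = BEFORE.replace("set primary 8.8.8.8", "set primary 10.0.0.10")


def read_block(config_text, header):
    """Return the top-level 'set' values of one config block, skipping nested blocks."""
    settings, depth = {}, None          # depth None = block not entered yet
    for line in (raw.strip() for raw in config_text.splitlines()):
        if depth is None:
            depth = 0 if line == header else None
        elif line.startswith("config "):
            depth += 1
        elif line == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0:
            m = re.match(r'set (\S+) "?([^"]*)"?$', line)
            if m:
                settings[m.group(1)] = m.group(2)
    return settings


def audit_web_mode_dns(config_text):
    """Flag DNS settings that leave SSL web clients unable to resolve internal names."""
    system = read_block(config_text, "config system dns")
    ssl = read_block(config_text, "config vpn ssl settings")
    findings = []
    for key in ("primary", "secondary"):
        addr = system.get(key)
        # Heuristic: a non-private address is assumed to be an Internet resolver.
        if addr and not ipaddress.ip_address(addr).is_private:
            findings.append((f"system dns {key}", addr, "public resolver"))
    ssl_dns = ssl.get("dns-server1")
    if ssl_dns and ssl_dns not in system.values():
        findings.append(("vpn ssl settings dns-server1", ssl_dns, "not a system DNS server"))
    return findings
```

Run `audit_web_mode_dns()` on the text of a configuration backup; an empty list means every system DNS server is on a private address and the SSL VPN DNS entry matches one of them.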
On a system level we have one internal DNS server and one general internet DNS.
When we connect via the web SSL client it does work, but when I publish a webpage via the webssl it works on an IP level but not on a hostname...
With the published SSL (VIP) the DNS is all external so won't touch either of your DNS servers - it's purely routing through and forwarding the packets to the inside webserver.
The DNS needs configuring at your domain host to point the URL at the external IP of the Fortigate.
James Manor