Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kylehouk
New Contributor II

Created on ‎11-02-2023 06:36 PM

Set Fortigate as DNS server for SSL VPN Users

In our internal LAN we have the DNS server set to be the same as the Interface IP of that subnet. This DNS server is set in recursive mode and exists only to translate some domain names to IP address for internal uses.

 

I would like to have this same functionality over the SSL VPN for some of our remote users but am unsure how to go about setting it up. 

Labels:
2577
0 Kudos
1 Solution
hbac
Staff
Staff
In response to kylehouk

Created on ‎11-03-2023 02:14 PM

@kylehouk,

 

10.10.20.0/24 is for SSL-VPN subnet? You can specify the IP address of the ssl.root interface as DNS server. To configure ssl.root IP address: For example

 

config system interface 

edit ssl.root 

set ip 10.10.20.254/24

end 

 

After that, you can specify 10.10.20.254 as the DNS server. You also have to enable DNS service on ssl.root interface as mentioned here.

 

Regards, 

View solution in original post

2510
0 Kudos
6 REPLIES 6
kcheng
Staff
Staff

Created on ‎11-02-2023 08:11 PM

Hi @kylehouk 

 

You can configure SSLVPN interface to act as the DNS server and configure the same settings. Please refer to the document below:

https://community.fortinet.com/t5/FortiGate/Technica-Tip-How-to-allow-SSL-VPN-users-to-use-FortiGate...

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
2561
0 Kudos
kylehouk
New Contributor II
In response to kcheng

Created on ‎11-03-2023 08:01 AM

Thank you for the response, if I am using custom IP address ranges for the VPN does that impact this setting?

Fortigate_VPN.png

2541
0 Kudos
hbac
Staff
Staff
In response to kylehouk

Created on ‎11-03-2023 09:13 AM

Hi @kylehouk

 

No, using custom range doesn't impact the DNS setting. You need to specify the DNS server IP address. 

 

Regards, 

2534
0 Kudos
kylehouk
New Contributor II
In response to hbac

Created on ‎11-03-2023 09:16 AM

Hello @hbac 

 

In this case the subnet for one of the groups is 10.10.20.0/24 how would I go about setting a specific IP to act as the DNS server for the SSL VPN?

2532
0 Kudos
hbac
Staff
Staff
In response to kylehouk

Created on ‎11-03-2023 02:14 PM

@kylehouk,

 

10.10.20.0/24 is for SSL-VPN subnet? You can specify the IP address of the ssl.root interface as DNS server. To configure ssl.root IP address: For example

 

config system interface 

edit ssl.root 

set ip 10.10.20.254/24

end 

 

After that, you can specify 10.10.20.254 as the DNS server. You also have to enable DNS service on ssl.root interface as mentioned here.

 

Regards, 

2511
0 Kudos
dbc-pri-med
New Contributor
In response to hbac

Created on ‎08-19-2024 01:33 PM

HBAC,

Does the ssl.root IP need to be on the same subnet as the assigned ip addresses of the ssl clients? For example:

I have 4 ssl portals and each one is assigned a different subnet. right now they all use internal DNS servers that are on yet another subnet. 

Can it be as simple as assigning an IP to the ssl,root interface and then create static routes? Or could it be simpler?

are you receiving?
are you receiving?
1510
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.