In our internal LAN we have the DNS server set to be the same as the Interface IP of that subnet. This DNS server is set in recursive mode and exists only to translate some domain names to IP address for internal uses.
I would like to have this same functionality over the SSL VPN for some of our remote users but am unsure how to go about setting it up.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
10.10.20.0/24 is for SSL-VPN subnet? You can specify the IP address of the ssl.root interface as DNS server. To configure ssl.root IP address: For example
config system interface
edit ssl.root
set ip 10.10.20.254/24
end
After that, you can specify 10.10.20.254 as the DNS server. You also have to enable DNS service on ssl.root interface as mentioned here.
Regards,
Hi @kylehouk
You can configure SSLVPN interface to act as the DNS server and configure the same settings. Please refer to the document below:
Thank you for the response, if I am using custom IP address ranges for the VPN does that impact this setting?
Hi @kylehouk,
No, using custom range doesn't impact the DNS setting. You need to specify the DNS server IP address.
Regards,
Hello @hbac
In this case the subnet for one of the groups is 10.10.20.0/24 how would I go about setting a specific IP to act as the DNS server for the SSL VPN?
10.10.20.0/24 is for SSL-VPN subnet? You can specify the IP address of the ssl.root interface as DNS server. To configure ssl.root IP address: For example
config system interface
edit ssl.root
set ip 10.10.20.254/24
end
After that, you can specify 10.10.20.254 as the DNS server. You also have to enable DNS service on ssl.root interface as mentioned here.
Regards,
HBAC,
Does the ssl.root IP need to be on the same subnet as the assigned ip addresses of the ssl clients? For example:
I have 4 ssl portals and each one is assigned a different subnet. right now they all use internal DNS servers that are on yet another subnet.
Can it be as simple as assigning an IP to the ssl,root interface and then create static routes? Or could it be simpler?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.