Hi all,
I have clients using Android tablets where split tunneling is configured, and not working. Im pretty sure this is down to the DNS configuration on both client and Fortigate, rather than split tunnelling.
I can see all DNS requests going through the SSL interface.
Windows devices are working fine, as they seem to have internet DNS server on the adapter.
Ive found a lot of KB articles around split DNS, which have me a bit confused.
Im wondering could someone advise me on the clear steps required here to enable split DNS (assuming thats my issue), on the Android devices?
Of course I dont want to impact the current 500+ VPN users, so need to be mindful of any global DNS changes.
Thanks,
D
Solved! Go to Solution.
Folks, apologies, this ended up being a routing issue on the internal network. Thanks for the input.
Check this documentation: https://docs.fortinet.com/document/fortigate/7.2.2/administration-guide/988717/ssl-vpn-split-dns
It should work for all endpoints regardless of OS.
Created on 10-13-2022 03:10 AM Edited on 10-13-2022 03:12 AM
Hi,
Below is my specific SSL portal configuration, which I believe looks correct. However, its still not working. I can see DNS queries traversing the FGT while testing internet access on the device, which just times out.
Is there anything I may be missing here? Could there be some global setting somewhere maybe?
Is there somewhere I can specificy 8.8.8.8 as DNS for clients internet requests, while connected to VPN?
OK let's get clear on the actual issue here. At first you mention split DNS is not working. And now you are saying Internet access is timing out. Split DNS would be used for internal queries. We can not dictate which DNS server to use for general internet queries when DNS split tunneling is enabled.
So if internet is timing out there might be some other issue unrelated to split DNS. Also you say you see DNS queries traversing the FGT for Internet access which you shouldn't see with your split tunneling config.
Have you tested the configuration without split tunneling and split DNS? This would tell you the VPN is working properly. Then you can turn on split tunneling and test that. And then move to split DNS.
Folks, apologies, this ended up being a routing issue on the internal network. Thanks for the input.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.