Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FortiDave
New Contributor III

Created on ‎10-12-2022 09:11 AM

Split DNS SSL VPN

Hi all,

 

I have clients using Android tablets where split tunneling is configured, and not working. Im pretty sure this is down to the DNS configuration on both client and Fortigate, rather than split tunnelling.

 

I can see all DNS requests going through the SSL interface.

 

Windows devices are working fine, as they seem to have internet DNS server on the adapter.

 

Ive found a lot of KB articles around split DNS, which have me a bit confused.

 

Im wondering could someone advise me on the clear steps required here to enable split DNS (assuming thats my issue), on the Android devices?

 

Of course I dont want to impact the current 500+ VPN users, so need to be mindful of any global DNS changes.

 

Thanks,

 

D

 

Labels:
3736
0 Kudos
1 Solution
FortiDave
New Contributor III

Created on ‎10-14-2022 06:22 AM

Folks, apologies, this ended up being a routing issue on the internal network. Thanks for the input.

View solution in original post

3690
0 Kudos
4 REPLIES 4
gfleming
Staff
Staff

Created on ‎10-12-2022 12:24 PM

Check this documentation: https://docs.fortinet.com/document/fortigate/7.2.2/administration-guide/988717/ssl-vpn-split-dns

 

It should work for all endpoints regardless of OS.

Cheers,
Graham
3720
0 Kudos
FortiDave
New Contributor III
In response to gfleming

Created on ‎10-13-2022 03:10 AM Edited on ‎10-13-2022 03:12 AM

Hi,

 

Below is my specific SSL portal configuration, which I believe looks correct. However, its still not working. I can see DNS queries traversing the FGT while testing internet access on the device, which just times out.

 

Is there anything I may be missing here? Could there be some global setting somewhere maybe?

 

Is there somewhere I can specificy 8.8.8.8 as DNS for clients internet requests, while connected to VPN?

 

Screenshot 2022-10-13 at 10.57.45.png

 

3711
0 Kudos
gfleming
Staff
Staff
In response to FortiDave

Created on ‎10-13-2022 08:48 AM

OK let's get clear on the actual issue here. At first you mention split DNS is not working. And now you are saying Internet access is timing out. Split DNS would be used for internal queries. We can not dictate which DNS server to use for general internet queries when DNS split tunneling is enabled. 

 

So if internet is timing out there might be some other issue unrelated to split DNS. Also you say you see DNS queries traversing the FGT for Internet access which you shouldn't see with your split tunneling config.  

 

Have you tested the configuration without split tunneling and split DNS? This would tell you the VPN is working properly. Then you can turn on split tunneling and test that. And then move to split DNS.

Cheers,
Graham
3698
0 Kudos
FortiDave
New Contributor III

Created on ‎10-14-2022 06:22 AM

Folks, apologies, this ended up being a routing issue on the internal network. Thanks for the input.

3691
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.