I read somewhere in order to use Web Filter, I need to use FortiGuard DNS
Let say I have internal dns which host all internal server hostname
I want Fortigate which use default fortiguard dns able to solve internal server name
I came with idea to do split dns
OPTION1
-set Fortigate DNS to Internal DNS
set Internal DNS forwarder to FortiGuard DNS
OPTION2
-set Fortigate DNS to default FortiGuard DNS
then set
config system dns-database edit "company1.com" set domain "company1.com" set authoritative disable set forwarder "10.243.13.1" next end QUESTIONS 1. Can I do OPTION2 and achieve same result as OPTION1 tqNominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
To use Webfilter you don't need to use Fortinet DNSes. To use DNS Filter you do need to use their DNS servers.
After seeing Network/DNS/DNS Filter Servers=208.91.112.220
or
# sh full-configuration | grep -f sdns-server-ip
I can see that DNS Filter using FortiGuard
So OPTION1 should be Network/DNS=INTERNAL AD DNS IP INTERNAL AD DNS Forwarder=ISP DNS
but question remain, whether can I use OPTION2 and get same result as OPTION1
UPDATE1: 1. I think this is the answer https://www.youtube.com/watch?v=3Ze3jMAdRTo&feature=emb_logo I need to setup dns server in Fortigate interface facing LAN/DMZ
Yurisk wrote:To use Webfilter you don't need to use Fortinet DNSes. To use DNS Filter you do need to use their DNS servers.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1561 | |
1034 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.