Network with a FortiGate 60F running 6.4.4 with FortiSwitch 224E.
Created a VLAN 20. Was able to browse the internet but could not access a file server on the default LAN not part of a VLAN. Pinging by IP address worked fine but I could not ping via hostname. Appeared to be a DNS issue.
I found that if I set the VLAN DNS Server to Specify and listed the IP addresses of the Windows Server DNS servers, the DNS issue was resolved.
Should it be necessary in this situation to set the DNS Server to Specify and list the IP addresses of the local DNS or do I have a setting wrong under Network / DNS or elsewhere?
If you don't specify the DNS server it's using FortiGuard DNS, right? Which obviously does not know about your local file server.
If I'm understanding the full situation, the issue is really that you need to specify the DNS server on your DHCP server settings for VLAN 20. Then you wouldn't have to specify local DNS for the FortiGate itself, but by default the FortiGate hands itself out as DNS for DHCP clients, so....
Thanks lobstercreed. I did specify the DNS server IP addresses on your DHCP server settings for VLAN 20. Maybe something else that I overlooked?
You also need to specify a DNS for the FGT itself because it is needed for the FGT to be able to connect to the FortiGuard servers for getting license statuses and definition updates or to check ratings.
Traffic from clients will not be using the FGT system DNS unless you distribute these via DHCP. Even setting a DNS forwarder would require the client to use the FGT interface IP as DNS server.
So if you want to be able to resolve your hostnames from out of the VLAN, you need to make sure the clients can access a DNS that can resolve these and that the clients use this DNS!
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Thanks sw2090. I will recheck the settings and configuration.
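The configuration the replies describe, written out as a FortiOS CLI fragment. This is an added example, not posted by anyone in the thread; the interface names, entry IDs, IP addresses and the address object "LAN-DNS-servers" are constructed placeholders.

```fortios
# Added example. All names and addresses below are constructed placeholders.
# DHCP scope for VLAN 20: hand the internal Windows DNS servers to clients.
config system dhcp server
    edit 2
        set interface "VLAN20"
        set default-gateway 10.0.20.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 10.0.20.100
                set end-ip 10.0.20.200
            next
        end
        # dns-service default : clients get the FortiGate's system DNS servers
        #                       (FortiGuard DNS unless changed), which cannot
        #                       resolve internal hostnames.
        # dns-service local   : clients get the VLAN interface IP as DNS.
        # dns-service specify : clients get the servers listed below.
        set dns-service specify
        set dns-server1 192.168.1.10
        set dns-server2 192.168.1.11
    next
end

# The VLAN 20 clients must also be allowed to reach those DNS servers.
# "LAN-DNS-servers" is an assumed, pre-created address object; "internal"
# is an assumed name for the default LAN interface.
config firewall policy
    edit 0
        set name "VLAN20-to-LAN-DNS"
        set srcintf "VLAN20"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "LAN-DNS-servers"
        set action accept
        set schedule "always"
        set service "DNS"
    next
end
```

Clients pick up the new DNS servers only when they renew their DHCP lease.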