VPN IPSec - DNS

Marcos_FDS1012 · ‎11-22-2024

I've set up an IPSenc VPN between a head office and a branch office, two F60 fortigates, but we can't access the head office network folders, when I put DNS on the network card it works perfectly, without DNS on the card I can ping and everything, is there anything I can do so that I don't have to put DNS on the network card?

AEK · ‎11-24-2024

You need to enable split DNS, available only for IKEv2 on the later FOS versions.

https://docs.fortinet.com/document/fortigate/7.2.8/administration-guide/836965/ipsec-split-dns-new

AEK

View solution in original post

Marcos_FDS1012 · ‎11-25-2024

I'm using the site-to-site tunnel, does this stuff work too?

View solution in original post

AEK · ‎11-25-2024

Oh! In that case I think you should configure your local DNS server to forward the related queries to the remote DNS server.

AEK

View solution in original post

mle2802 · ‎11-25-2024

Hi @Marcos_FDS1012,

In case FortiGate on this side is doing DHCP, you can specify DNS server as remote side so you do not need to manually specify DNS.

Regards,

View solution in original post

AEK · ‎11-24-2024

You need to enable split DNS, available only for IKEv2 on the later FOS versions.

https://docs.fortinet.com/document/fortigate/7.2.8/administration-guide/836965/ipsec-split-dns-new

AEK

Marcos_FDS1012 · ‎11-25-2024

I'm using the site-to-site tunnel, does this stuff work too?

AEK · ‎11-25-2024

Oh! In that case I think you should configure your local DNS server to forward the related queries to the remote DNS server.

AEK

mle2802 · ‎11-25-2024

Hi @Marcos_FDS1012,

In case FortiGate on this side is doing DHCP, you can specify DNS server as remote side so you do not need to manually specify DNS.

Regards,

VPN IPSec - DNS

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website