
Way to set DNS search domains after VPN setup, or push from FortiGate?

I'm running FG 6.2.3 and FortiClient 6.2 and am wanting to push my users a list of several FQDNs to treat as DNS search domains. The problem is the Mac users whose default search domains disappear when connected via FortiClient, and I can't see a way in FG CLI to set more than a primary domain for an ipsec VPN. Also, on the Mac side, given FortiClient does not create an interface in Networking, there doesn't seem to be a way to set search domains that do not get wiped when the VPN connects and resolv.conf is rebuilt.

Honored Contributor

Unfortunately in ipsec vpn you can only enter ONE domain.

You can enter up to 4 ipv4 and ipv6 dns servers.


Also unfortunately fortinet has skipped one important option in gui and partly cli (you can set it on cli but you don't see it). With this option set to default you will always only get system dns pushed even if you entered your own ones. I have stumbled across this several times now.

Also the domain option in ipsec is not available on gui.


You would have to set it on cli:


  config vpn ipsec phase1-interface
    edit <phase1-name>
      set ipv4-dns-server1 <dns-server-ip>
      set domain "domain"
      set dns-mode manual
    next
  end

to make it work...


"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams


Ah, yep this was for ipsec, and I can't switch to SSL because they haven't figured out how to do dual stack over SSL VPN...