I'm running FG 6.2.3 and FortiClient 6.2 and am wanting to push my users a list of several FQDNs to treat as DNS search domains. The problem is the Mac users whose default search domains disappear when connected via FortiClient, and I can't see a way in FG CLI to set more than a primary domain for an ipsec VPN. Also, on the Mac side, given FortiClient does not create an interface in Networking, there doesn't seem to be a way to set search domains that do not get wiped when the VPN connects and resolv.conf is rebuilt.
You can try:
- https://kb.fortinet.com/kb/documentLink.do?externalID=FD40254
- https://kb.fortinet.com/kb/documentLink.do?externalID=FD37484
Elthon Abreu FCNSA v5
Unfortunately in ipsec vpn you can only enter ONE domain.
You can enter up to 4 ipv4 and ipv6 dns servers.
Also unfortunately Fortinet has skipped one important option in gui and partly cli (you can set it on cli but you don't see it). With this option set to default you will always only get system dns pushed even if you entered your own ones. I have stumbled across this several times now.
Also the domain option in ipsec is not available on gui.
You would have to set it on cli:
    config vpn ipsec phase1-interface
        edit <phase1-name>
            set ipv4-dns1 xxx.xxx.xxx.xxx
            ...
            set domain "domain"
            set dns-mode manual
    end
to make it work...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Ah, yep this was for ipsec, and I can't switch to SSL because they haven't figured out how to do dual stack over SSL VPN...