Hi all,
I am trying to establish a ZTNA replacement of our VPN for all AD-joined devices.
The first problem I have encountered is that workstations cannot resolve the domain controllers - our internal DNS server is accessible on TCP 53, but the client tries UDP 53 to the DHCP-provided DNS server of my remote users.
So my users are unable to change their passwords, force local password changes, etc.
Has anyone succeeded in establishing ZTNA for an AD environment?
Hi Satory
As per my knowledge, regular clients use UDP 53 for DNS, not TCP 53 (please double check).
TCP 53 is used in a few specific cases, like zone transfers between DNS servers.
You are not correct - you may fall back and use TCP 53; the problem is that Windows uses UDP by default.
Still, I can't believe no one uses ZTNA for AD access...
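A small diagnostic for the behaviour discussed in this thread, added here as an example and not code from any of the posters: it sends the same SRV query Windows uses to locate domain controllers over UDP 53 and over TCP 53 (which carries a 2-byte length prefix) and reports which transport the DNS server answered on. The domain `example.internal` and the server address `10.0.0.53` are placeholders to replace with your own values.

```python
import socket
import struct

# Placeholder AD domain: Windows clients look up this SRV name to find DCs.
DC_SRV_NAME = "_ldap._tcp.dc._msdcs.example.internal"
QTYPE_SRV = 33  # SRV record type (RFC 2782)

def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 query: one question, class IN, RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def tcp_frame(query: bytes) -> bytes:
    """DNS over TCP prefixes every message with its 2-byte big-endian length."""
    return struct.pack("!H", len(query)) + query

def answer_count(response: bytes) -> int:
    """ANCOUNT from the response header; 0 means the server returned no answers."""
    return struct.unpack("!H", response[6:8])[0]

def probe(server: str, name: str = DC_SRV_NAME, timeout: float = 3.0) -> dict:
    """Issue the query over UDP and TCP and record the answer count (or the socket error)."""
    query = build_query(name, QTYPE_SRV)
    result = {}
    try:  # UDP: what a Windows client tries first
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(4096)
            result["udp"] = answer_count(data)
    except OSError as e:
        result["udp"] = f"failed: {e}"
    try:  # TCP: the fallback transport, framed with a length prefix
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(tcp_frame(query))
            length = struct.unpack("!H", s.recv(2))[0]
            data = b""
            while len(data) < length:
                chunk = s.recv(length - len(data))
                if not chunk:
                    break
                data += chunk
            result["tcp"] = answer_count(data)
    except OSError as e:
        result["tcp"] = f"failed: {e}"
    return result

if __name__ == "__main__":
    print(probe("10.0.0.53"))  # placeholder: your internal DNS server reachable via the ZTNA tunnel
```

If `udp` reports a failure while `tcp` returns answers, the tunnel is passing only TCP 53, which matches the symptom described in the first post.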