Hi,
for some strange reason:
1) the FortiView website monitor is not resolving the IPs into the relative domain name
2) I am only able to view for "now"; all other options don't work (1 hr, 24 hrs, etc.)
Looking around, I have created my local DNS servers, thinking that I needed a reverse lookup?
Therefore I created 2 local DNS using 8.8.8.8 and 8.8.4.4 with "A" records, and I also created 2 "PTR" records off each IP. Therefore I have 4 records.
Question 1: is it correct to use Google IPs for my local DNS?
Question 2: is it correct to use the relative "PTR" records?
Question 3: it seems none of this is working to get me the domain names in the FortiView website monitor, therefore something is wrong.
thank you
Hello Antonio
As far as I know, the FG doesn't show the domain names unless it sees the DNS resolution that was done by the client for that site.
So in case your client is using DNS over HTTPS or over TLS and the FG doesn't use deep inspection for the related DNS policy, then the FG doesn't see which domain name is requested by the client.
Reverse lookup will not help. And I think using 8.8.8.8 & 8.8.4.4 as local addresses is not a clean solution.
You may try one of the following and it should work.
Hope it helps.
Hi AEK,
can you please outline the steps to undertake in each one of those bullet points? Because as it is, it's not very clear how to put into concrete action what you suggest.
ciao,
Antonio
Let's implement the second example:
Hi AEK,
thank you!!!!
In truth I have started to actually look at the logs on the FortiCloud, and I have purchased the FortiAnalyzer Cloud license as well, so I am waiting to implement that sometime next week!
That being said, of the points above, points 1 & 2 are clear! Points 3 & 4: it is not clear how to actually do that on a step-by-step basis?
I don't want to bug you; if you can outline those I would appreciate it, but I understand if you don't have the time!
ciao,
Antonio
Hi Antonio
3. On your FG, create a firewall rule to allow DNS traffic from clients to local DNS server
4. On your FG, deny any other encrypted DNS traffic from clients to anywhere. You can do this with application profile, under Application and Filter Override, then block DNS.Over.HTTPS and DNS.Over.TLS
Hope it helps.
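As an added illustration of points 3 and 4 above (not AEK's or Fortinet's own configuration), here is what those two policies look like in FortiOS CLI form. Interface names ("internal", "dmz", "wan1"), the /32 address object for the DNS server at 192.168.1.254, and the application IDs are assumptions or placeholders that must be matched to the actual unit.

```fortios
# Point 3: a /32 address object, so the policy can target a single host
# instead of a range (address object name is an assumption)
config firewall address
    edit "LAN-DNS-Server"
        set subnet 192.168.1.254 255.255.255.255
    next
end

# Point 4: application control profile that blocks encrypted DNS.
# <APP_ID_...> are placeholders for the numeric IDs of the
# DNS.Over.HTTPS and DNS.Over.TLS signatures on the unit.
config application list
    edit "block-encrypted-dns"
        set comment "Force plaintext DNS so FortiView can log hostnames"
        config entries
            edit 1
                set application <APP_ID_DNS_OVER_HTTPS> <APP_ID_DNS_OVER_TLS>
                set action block
            next
            edit 2
                set action pass
            next
        end
    next
end

config firewall policy
    # Point 3: allow plain DNS from clients to the local server
    # (assumes clients on "internal", server reachable via "dmz")
    edit 0
        set name "Allow-LAN-DNS"
        set srcintf "internal"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "LAN-DNS-Server"
        set action accept
        set schedule "always"
        set service "DNS"
        set logtraffic all
    next
    # Point 4: internet policy with app control and deep inspection,
    # so DoH inside TLS can be identified and blocked
    edit 0
        set name "Block-Encrypted-DNS"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set application-list "block-encrypted-dns"
        set logtraffic all
    next
end
```

Application control only takes effect on an accept policy with UTM enabled, and DoH blocking needs the deep-inspection SSL profile, since DoH is otherwise indistinguishable from ordinary HTTPS.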
I hope you read this. The policy is not working; not sure what the problem is.
I set src interface as internal and dest interface as internal also. That may not be correct; maybe I should put WAN?
I set the DNS server as a range, as it's impossible to set a single IP?
ciao,
Antonio
I put the range of the DNS server as 192.168.1.254-192.168.1.254, as it is impossible to put a single IP in the policy, unless I'm missing something.
But the biggest issue is: what is the dest interface? WAN or internal?
I seem to be unable to post replies.
Copyright 2024 Fortinet, Inc. All Rights Reserved.