I created a DNS rule to access internal domains from clients, but URLs are not resolving. How can I troubleshoot the issue?
Hi,
You can't really troubleshoot stuff in FortiSASE like we know from on-prem FortiGates.
I would first try to sniff for the DNS traffic, which you should see in the IPsec tunnel to your SPA site.
Then maybe also run a debug to see what's happening with this traffic.
I've heard of a Split DNS issue in new SASE instances which occurs if you configured the SPA with BGP on loopback; only support can fix this with a workaround.
KR Fabian
Resolved with the help of the SASE TAC team. Resolved by:
1. Enable NAT on firewall policy
2. Add tunnel IP to the FW policy