Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
forti_tude
New Contributor

"Unresolved FQDN" on version 6.4.11

 

Hello team, 

 

We get the error "Unresolved FQDN" on our firewall for the below:

 

*.discoverysrv.windowsazure.com
*.download.microsoft.com
*.migration.windowsazure.com
*.vault.azure.net

 

Has anyone had similar and what should we do?

 

Other FQDN's are fine.

 

Regards,

 

Forti_tude

1 Solution
srajeswaran
Staff
Staff

The wildcard FQDN is updated when a DNS query is made from a host connected to FortiGate (DNS traffic passing through a FortiGate.). Which means none of the hosts in your network tried to access these sites and thats why it is showing as unresolved.

Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-wildcard-FQDN/ta-p/196118

I would suggest you try pinging one of those domains and check if the entries get updated.

We may try ping 04b8c9c73f3d477e966c8d00f352889c-agent.cus.disc.privatelink.prod.migration.windowsazure.com and check if the FQDN for "*.migration.windowsazure.com" is updated (if it is able to resolve the domain).
Ref: https://learn.microsoft.com/en-us/azure/migrate/troubleshoot-network-connectivity

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

2 REPLIES 2
srajeswaran
Staff
Staff

The wildcard FQDN is updated when a DNS query is made from a host connected to FortiGate (DNS traffic passing through a FortiGate.). Which means none of the hosts in your network tried to access these sites and thats why it is showing as unresolved.

Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-wildcard-FQDN/ta-p/196118

I would suggest you try pinging one of those domains and check if the entries get updated.

We may try ping 04b8c9c73f3d477e966c8d00f352889c-agent.cus.disc.privatelink.prod.migration.windowsazure.com and check if the FQDN for "*.migration.windowsazure.com" is updated (if it is able to resolve the domain).
Ref: https://learn.microsoft.com/en-us/azure/migrate/troubleshoot-network-connectivity

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
forti_tude

Thank you for your help with this :)

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors