Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Cruz2019
New Contributor

Created on ‎08-24-2021 12:19 PM

resolve hostname and ip address in vpn site to site

Hi, I have a site-to-site vpn set up between 2 fortigates: Site A Fortigate 300E and site B Fortigate 60F, and I was able to fill the vpn and the communication between both sites. When I connect to a computer at site A from site B I can do it without problems through the IP, but for security reasons I want them to be able to communicate through the host name. In site A all my computers belong to a domain (mycompany.com.mx) but in my site B the computers are not within a domain. Is it possible to get site B computers to access site A computers by hostname and not just by IP? I hope you can help me Thank you

Labels:
10915
0 Kudos
1 Solution
ac1
Contributor II
In response to bhuo

Created on ‎08-26-2021 12:54 AM

You have two ways:

[ol]
  • Configure the DHCP in site B with DNS from the domain A - in this case any DNS request go through the tunnel VPN. In site A you must add the network of site B to AD Site and Services.
  • Configure the DHCP in site B with DNS the FGT B - Enable the relay DNS for the request with domain mycompany.com.mx to the DNS in site A[ol]
  • Enable DNS Server in FGT B (System > Feature Visibility > Additional Features > DNS Database)
  • From Network > DNS Servers configure DNS Zone with domain name .com.mx, enable DNS Forwarder and set ip of DNS in site A
  • Select in DHCP Server DNS Server "Same as interface IP"[/ol][/ol]

    • View solution in original post

    9636
    0 Kudos
    9 REPLIES 9
    bhuo
    New Contributor II

    Created on ‎08-25-2021 10:38 PM

    Hi,

     

    Site B computers need to be able to access a none domain joined DNS server via s2s VPN.

    For example if you are able to add those A records to Fortigate and set up Fortigate address as DNS address for Site B computer to use, it may solve your case, good luck.

     

    Thanks,

     

    BH

    9568
    0 Kudos
    ac1
    Contributor II
    In response to bhuo

    Created on ‎08-26-2021 12:54 AM

    You have two ways:

    [ol]
  • Configure the DHCP in site B with DNS from the domain A - in this case any DNS request go through the tunnel VPN. In site A you must add the network of site B to AD Site and Services.
  • Configure the DHCP in site B with DNS the FGT B - Enable the relay DNS for the request with domain mycompany.com.mx to the DNS in site A[ol]
  • Enable DNS Server in FGT B (System > Feature Visibility > Additional Features > DNS Database)
  • From Network > DNS Servers configure DNS Zone with domain name .com.mx, enable DNS Forwarder and set ip of DNS in site A
  • Select in DHCP Server DNS Server "Same as interface IP"[/ol][/ol]
    • 9637
    0 Kudos
    Cruz2019
    New Contributor
    In response to ac1

    Created on ‎08-26-2021 08:29 AM

    In my site B, I have an interface such as LAN 192.168.xx.xx, and within this same interface I have created a VLAN (172.16.xx.xx) to all the equipment in site B I assigned a fixed IP of this VLAN, then Is it necessary to change this VLAN so that it assigns DHCP to the computers and put the DNS of missite A?

    9568
    0 Kudos
    ac1
    Contributor II
    In response to Cruz2019

    Created on ‎08-26-2021 08:43 AM

    if you have assigned the static ip you must modify manually the dns of clients with DNS Server of site A.

    9568
    0 Kudos
    Cruz2019
    New Contributor
    In response to ac1

    Created on ‎08-26-2021 08:52 AM

    If I assign DNS from site A to the computers from site B, internet access is lost, right now I have them configured with google DNS 8.8.8.8 and 8.8.4.4 and in this way they give me internet access and I also have access to the computers of my site A but through IP and what I want is to be able to access through the name of the computers.

    9568
    0 Kudos
    ac1
    Contributor II
    In response to Cruz2019

    Created on ‎08-26-2021 08:58 AM

    Have you created a policy in firewall B and firewall A to be able to pass DNS traffic?

    The VPN Phase 2 have the subnet for reach DNS Servers?

    The routing to VPN in both side is ok? 

     

    9568
    0 Kudos
    Cruz2019
    New Contributor
    In response to ac1

    Created on ‎08-27-2021 08:32 AM

    I have the corresponding policies and I have phase 2 configured to access my DNS from site A, in the static routes I have doubts. In my site B I have 3 static routes, one I have as a destination my DNS and another subnet that I want to access, and one towards the internet, but in site A I do not have these policies

    9567
    0 Kudos
    ac1
    Contributor II
    In response to Cruz2019

    Created on ‎08-27-2021 08:49 AM

    In site A you must have a route like this:

    Destination: subnet B

    Gateway: VPN Site to Site to B (Interface VPN)

    Distance: 10

    Status: Enabled

     

    Without this route the DNS Server does not respond to client in site B.

    9567
    0 Kudos
    Cruz2019
    New Contributor
    In response to ac1

    Created on ‎08-27-2021 09:01 AM

    I will make these changes and share the results.

    9567
    0 Kudos
    Announcements
    Check out our Community Chatter Blog! Click here to get involved
    Labels
    Top Kudoed Authors
    View all
    Broad. Integrated. Automated.

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

    Social Media
    Security Research
    Company
    News & Articles
    Contact Us

    Copyright 2025 Fortinet, Inc. All Rights Reserved.