Hello,
I'm noticing a strange behavior of the firewall, and therefore also from the windows machine behind, when I try to resolve the FQDN that is published on my connection.
Let me explain better:
1) If I try to resolve the FQDN from the firewall, the resolution is not the public IP but 192.168.178.101, which is the firewall's IP on the side that points towards the router.
2) If I run an nslookup of the same FQDN from the Windows machine behind the firewall, the resolution is the IP of the Windows machine.
3) If I ping the same FQDN from the router, I finally get the public IP as the resolution, which is the same as the router's WAN interface, as it is the router that sends the updates to the dynamic DNS.
The DNS configured on the firewall, the router and the Windows machine is 8.8.8.8 and 8.8.4.4.
Does anyone know why I have this behavior and how to figure it out?
BR,
G
Ok, I seem to have solved it by entering the command "no ip nat service all-algs" on the Cisco router.
I hope this is helpful to someone in the same situation.
BR,
G
Dear GiuseppeB,
As per the description, I see that 3 devices are resolving different IPs for the same FQDN.
Also, all the devices have the same DNS.
You can take a DNS capture and check what DNS response you are getting when you send the DNS query.
Hi @GiuseppeB,
Have you tried to resolve the FQDN from a machine outside the network and tried to flush the DNS cache? Please refer to this document for DNS troubleshooting: "https://community.fortinet.com/t5/FortiGate/Technical-Tip-DNS-troubleshooting/ta-p/197982"
Regards,
Minh
Hello,
No, the firewall is not the suspect; I made a capture with Wireshark, and the DNS responses from Google are transformed into the private IP instead of the public IP. Upstream I have a Cisco router that also manages the dynamic DNS part, and I think it is the one causing the problem.
P.S. Outside my network the FQDN is resolved correctly with the public IP; the problem lies only in my internal network, and even when I carry out a DNS flush the problem remains.
G
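The check suggested earlier in the thread (capture the DNS exchange and compare what the resolver actually sent with what arrives behind the NAT router) can be automated. The script below is an added example and is not code from the thread or from Fortinet or Cisco: it decodes the answer section of two captured DNS responses, one taken on the router's WAN side and one on the LAN side, and reports every A record whose address was changed in transit, flagging whether the substituted address is RFC 1918 private, which is the signature of a NAT DNS ALG rewriting the answer. The two packets, the hostname host.example.net and the addresses 203.0.113.10 and 192.168.178.101 are constructed for the example, not taken from a real capture.

```python
"""Detect a NAT DNS ALG rewriting A-record answers between WAN and LAN captures.

Added example; the sample packets below are constructed by hand (the hostname
and the 203.0.113.10 address are documentation-range placeholders, not data
from the forum thread).
"""
import ipaddress
import struct


def _read_name(pkt, off):
    """Decode a DNS name at offset `off`, following RFC 1035 compression pointers.

    Returns (dotted_name, offset just past the name as it appears at `off`).
    """
    labels = []
    end = None  # set once we follow the first pointer
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:  # compression pointer: 11xxxxxx xxxxxxxx
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off = ptr
            continue
        off += 1
        if length == 0:  # root label terminates the name
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_a_answers(pkt):
    """Return [(name, ttl, ipv4_string), ...] for every A record in the answer section."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", pkt[:12])
    if not flags & 0x8000:
        raise ValueError("packet is a query, not a response")
    off = 12
    for _ in range(qdcount):  # skip the question section
        _, off = _read_name(pkt, off)
        off += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, off = _read_name(pkt, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            answers.append((name, ttl, str(ipaddress.IPv4Address(rdata))))
    return answers


def detect_alg_rewrite(wan_pkt, lan_pkt):
    """Compare the same DNS response as captured on the WAN and LAN sides.

    Returns [(name, wan_ip, lan_ip, lan_ip_is_private), ...] for every A record
    whose address differs between the two captures. An empty list means the
    router passed the answer through untouched.
    """
    wan = parse_a_answers(wan_pkt)
    lan = parse_a_answers(lan_pkt)
    if len(wan) != len(lan):
        raise ValueError("answer counts differ; these are not the same response")
    rewrites = []
    for (name, _, wan_ip), (_, _, lan_ip) in zip(wan, lan):
        if wan_ip != lan_ip:
            rewrites.append((name, wan_ip, lan_ip, ipaddress.ip_address(lan_ip).is_private))
    return rewrites


def build_response(txid, qname, ip, ttl=300):
    """Build a minimal DNS A response (used here only to construct the samples).

    The answer name is a compression pointer (0xC00C) to the question name at
    offset 12, as real resolvers emit it, so the pointer logic above is exercised.
    """
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    question = name + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + answer


# Constructed samples: the same transaction as seen on the router's WAN
# interface and as delivered to the LAN after NAT.
WAN_SIDE = build_response(0x1234, "host.example.net", "203.0.113.10")
LAN_SIDE = build_response(0x1234, "host.example.net", "192.168.178.101")

if __name__ == "__main__":
    for name, wan_ip, lan_ip, private in detect_alg_rewrite(WAN_SIDE, LAN_SIDE):
        print(f"{name}: resolver answered {wan_ip}, LAN received {lan_ip} "
              f"({'private' if private else 'public'}) -> DNS ALG rewrite suspected")
```

To use it on real traffic, export the two matching UDP/53 payloads (same transaction ID) from a capture taken on each side of the router and pass the raw bytes in place of the constructed samples. A non-empty result with a private LAN address confirms that the answer was altered between the resolver and the LAN, which points at the NAT device rather than at the resolver or the firewall.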
Copyright 2024 Fortinet, Inc. All Rights Reserved.