Re: configure internal DNS server behind Fortigate

ConnyGustavsson · 12-06-2023

Hi. Fortigate will inspect all passing DNS traffic if the DNS filter feature is enabled on policy. You do not need to use the FG as DNS server/forwarder. (Still that may be benificial, especially if internal DNS server is on other side of VPN/SD-WAN....

ConnyGustavsson · 12-06-2023

Discord can be block by Application Control Profiles.  BR/Conny

ConnyGustavsson · 02-10-2023

This could be caused by payload fragmentation. If traffic is TCP; try manipulate the TCP-MSS on the firewall policy that match this traffic. Do this on both sides of the tunnel.# config firewall policyedit tcp-mss-sender tcp-mss-receiver I usually te...

ConnyGustavsson · 02-10-2023

I beleive you cannot use that "simple" design with termination directly to Azure VPN. The Fortigate removes routes for down tunnels and can then send traffic the tunnel that is still up. The command "monitor" in VPN is used to keep second tunnel down...

ConnyGustavsson · 03-23-2022

Hi. That company's IPSec setting may miss "nat traversal" configuration? Then you can not be behind a NAT:ed firewall. More unlikely you have some config in your fw that blocks IPSec. Check with packet capture on outside interface if you get response...

User Statistics

User Activity

Re: configure internal DNS server behind Fortigate

Re: Web Filter does not block websites

Re: IPSEC VPN Very SLOW

Re: VPN Site 2 Site secondary tunnel fails

Re: Passing FortiClient IPSec through a Fortigate fails

Re: configure internal DNS server behind Fortigate

Re: Can't contact LDAP server

Re: Unable to add FortiAP to Fortigate Wireless Co...

Re: Unable to add FortiAP to Fortigate Wireless Co...