FortiClient
spoojary
Staff
Article Id 276498
Description This article describes how to address the issue of duplicated DNS entries being created in a Windows DNS Server when a client connects via SSL-VPN on FortiGate.
Scope FortiClient, FortiGate.
Solution

Problem Overview: When a client connects to SSL VPN, new DNS entries are created in the Windows DNS Server rather than the existing entries being updated. This leads to multiple duplicated DNS entries and causes complications with certain applications, such as Citrix. Additionally, reverse DNS entries do not update correctly.

 

Solution Steps:

  1. Begin by taking a backup of the current FortiClient configuration. This will be saved as an XML file.

  2. Once the backup is done, open this XML file in a text editor such as Notepad.

  3. Locate the specific tunnel in the XML configuration that's causing the issue.

  4. Within this tunnel's configuration, find the following setting:

    <no_dns_registration>0</no_dns_registration>

    Modify it to:

    <no_dns_registration>2</no_dns_registration>

  5. After making the change, save the XML file.

  6. Re-import the modified configuration back into FortiClient.

  7. For further guidance on the XML configuration and its intricacies, consult the FortiClient XML reference guide.

  8. Test the changes on a single workstation to ascertain if the issue of duplicate DNS entries has been resolved.

Making the above change to the FortiClient's XML configuration can prevent the creation of duplicated DNS entries in the Windows DNS Server when clients connect via SSL VPN on FortiGate.
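
Steps 3 to 5 can be scripted when the same edit has to be repeated on several backups. The following is an added example, not Fortinet's code: it changes `no_dns_registration` for one named tunnel and leaves the others alone. The sample XML, the tunnel names and the `<connection>`/`<name>` layout are constructed assumptions; only the `no_dns_registration` element and its values come from this article.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified stand-in for a FortiClient backup. Only the
# <no_dns_registration> element comes from the article; the rest is assumed.
SAMPLE_BACKUP = """<forticlient_configuration>
  <vpn><sslvpn><connections>
    <connection>
      <name>HQ-VPN</name>
      <no_dns_registration>0</no_dns_registration>
    </connection>
    <connection>
      <name>Lab-VPN</name>
      <no_dns_registration>0</no_dns_registration>
    </connection>
  </connections></sslvpn></vpn>
</forticlient_configuration>"""


def set_no_dns_registration(xml_text, tunnel_name, value="2"):
    """Change the setting for one tunnel only; return (new_xml, changes).

    Assumption: a tunnel is any element that has both a direct <name> child
    equal to tunnel_name and a direct <no_dns_registration> child.
    """
    root = ET.fromstring(xml_text)
    matched, changes = 0, []
    for parent in root.iter():
        name = parent.find("name")
        setting = parent.find("no_dns_registration")
        if name is None or setting is None:
            continue
        if (name.text or "").strip() != tunnel_name:
            continue
        matched += 1
        old = (setting.text or "").strip()
        if old != value:          # leave already-correct tunnels untouched
            setting.text = value
            changes.append((tunnel_name, old, value))
    if matched == 0:
        # Fail loudly instead of re-importing an unchanged file.
        raise LookupError(f"no tunnel named {tunnel_name!r} with the setting")
    return ET.tostring(root, encoding="unicode"), changes


if __name__ == "__main__":
    new_xml, changes = set_no_dns_registration(SAMPLE_BACKUP, "HQ-VPN")
    for tunnel, old, new in changes:
        print(f"{tunnel}: no_dns_registration {old} -> {new}")
```

`ElementTree` drops XML comments and the XML declaration when it re-serializes, so keep the original backup and diff the output against it before re-importing.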
