Description
This article describes how to enable the FortiGate to reply to DNS queries via the loopback interface.
Due to DNS behavior changes in 5.6, previously working configurations from 5.4 might not work after a firmware upgrade.
Solution
Starting with FortiOS 5.6, the DNS server drops DNS requests that arrive on interfaces not listed in the dns-server table. If a DNS server is configured on an internal port, for example port1, then the FortiGate will resolve only DNS queries arriving over port1.
If the DNS server was configured on a loopback interface, but the DNS queries reach the FortiGate over a physical interface (port1 in this example), then port1 must be added to the dns-server table:
# config system dns-server
    edit "DMZ-1"
    next
    edit "DMZ-2"
    next
    edit "port1"
    next
end
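A pre-upgrade check for the behavior described above, as an added example that is not part of the original article or Fortinet tooling: it reads a configuration backup, extracts the dns-server table, and reports interfaces where DNS queries arrive but which are not listed. The sample configuration, the function names and the list of ingress interfaces are constructed for illustration, and a single dns-server table (no multi-VDOM layout) is assumed.

```python
import re

# Constructed sample of a configuration backup (not from the article):
# the dns-server table lists DMZ-1 and DMZ-2 only, queries arrive on port1.
SAMPLE_CONFIG = '''\
config system interface
    edit "port1"
        set vdom "root"
    next
end
config system dns-server
    edit "DMZ-1"
    next
    edit "DMZ-2"
    next
end
'''

def dns_server_interfaces(config_text):
    """Return the interface names listed under 'config system dns-server'."""
    names, in_table, depth = [], False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_table:
            # Skip everything until the dns-server table starts.
            in_table = (line == "config system dns-server")
            continue
        if line.startswith("config "):
            depth += 1              # nested sub-table: ignore its entries
        elif line == "end":
            if depth == 0:
                break               # end of the dns-server table
            depth -= 1
        elif depth == 0:
            m = re.match(r'edit\s+"?([^"\s]+)"?$', line)
            if m:
                names.append(m.group(1))
    return names

def missing_dns_interfaces(config_text, ingress_interfaces):
    """Interfaces that receive DNS queries but are absent from the table."""
    listed = set(dns_server_interfaces(config_text))
    return [name for name in ingress_interfaces if name not in listed]

if __name__ == "__main__":
    # Hypothetical ingress list: the interfaces clients actually send queries to.
    print(missing_dns_interfaces(SAMPLE_CONFIG, ["port1", "DMZ-1"]))
```

Any interface the check reports needs its own entry in the dns-server table before queries arriving on it will be answered on 5.6 and later.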