FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gmanea
Staff
Staff
Description
The setting of the DNS suffix can be useful when it is required to resolve server names without typing the entire domain name when connected in VPN IPsec or VPN SSL.

Solution
This configuration option is not available in GUI interface, it can be set using the CLI.

The commands are the following:

For IPsec VPN.

# config vpn ipsec phase1-interface
    edit <gateway_name>
set mode-cfg enable
set type dynamic
set ipv4-dns-server1
set ipv6-dns-server1
set domain <domain>
    end

For SSL VPN.

# config vpn ssl settings
    set dns-suffix example.com example.org
end

The FortiGate unit has to configured with the internal DNS servers which have host names for address 'domain.com' and then verified by pinging the host name from CLI.

# config system dns
    set primary 192.168.1.1  <----- Internal DNS.
    set secondary 4.2.2.2
    set domain "domain.com"
end

# exe ping domain.com

Contributors