FortiClient for Android - Split DNS feature
Hi,
Issue: Split DNS not working for SSL-VPN on Android
Versions:
FortiClient VPN - version 7.0.3.0037
FortiClient 6.0 - version 6.0.3.0197
FortiGate 2000E - 6.4.2.1723
Device - Samsung S21 Ultra, Android 11
I have a FortiGate 2000E in which I configured SSL-VPN with split tunneling and split DNS features.
When connecting with a Windows PC, everything works fine:
I get the required local routes, I get DNS responses to those routes from my local DNS and I keep getting Internet DNS entries from my system's interface (configured currently as 8.8.8.8).
When I try to do the same with FortiClient on Android I get routing to the local IP addresses, but the only DNS I'm having is the system's DNS (from my ISP) - for the record, connection to local DNS IP has an active policy for SSL-VPN users.
I tried configuring a DNS on the VPN tunnel, but then I only get to query that DNS, for both the internet and the local subnet I configured for split DNS.
Would really appreciate some help.
Thanks
Hello ronen_beitelmajer,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello,
I have found this answer:
This is my solution for the DNS resolution problem for SSL VPN connections from the Android client.
Open CLI, and run:
config vpn ssl settings
set dns-suffix "yourlocaldomain.com"
set dns-server1 IP_address_of_your_local_dns_server
end
This helped in my case. What is interesting, the IP address resolution for Windows clients works fine without setting CLI commands.
