Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
preznik_FTNT
Staff
Staff

Created on ‎01-13-2015 01:03 PM Edited on ‎03-24-2022 11:02 AM By Anonymous

Article Id 196119

FortiGate fails to resolve hostnames when FSSO polling is configured

Description
When FSSO polling is configured on a FortiGate, hostname resolution may fail.

Reason:
FSSO daemon does not take the domain name from system DNS settings.

Impact:
When the domain name is not included in DNS queries, it can cause excessive requests to be sent.

Scope


Solution
Fortinet recommends configuring the "set default-domain" option when FSSO polling is used.

The default domain is a primary DNS suffix which is used in DNS name registration and DNS name resolution for domain computers.

It can be set  by:
"set default-domain"
command under
"config user fsso-polling"

For example:
config user fsso-polling
    edit 1
        set server "10.10.20.2"
        set ldap-server "LDAP1"
        set default-domain "localdomain.local"
    next
end



3902
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.