Created on 07-04-2017 12:06 PM Edited on 09-19-2023 06:04 AM By Jean-Philippe_P
Description
This article describes how to configure DNS and WINS servers to resolve internal names when using an SSL VPN connection in tunnel mode.
When SSL VPN users connect to a network in tunnel mode, they need to access internal resources using domain names rather than IP addresses. To make this name-to-IP translation work, VPN users must use the organization's internal DNS (Domain Name System) and WINS (Windows Internet Name Service) servers. This ensures that they can resolve internal names correctly while connected to the VPN.
Solution
To ensure that remote SSL VPN users can access internal resources by correctly resolving their domain names, configure the FortiGate device (or equivalent) with the IP addresses of the internal DNS and WINS servers. Here's how:
config vpn ssl settings
    set dns-server1 <IP Address for DNS-1>
    set dns-server2 <IP Address for DNS-2>
    set wins-server1 <IP Address for WINS-1>
    set wins-server2 <IP Address for WINS-2>
    set ipv6-dns-server1 <IPv6 Address for DNS-1>
    set ipv6-dns-server2 <IPv6 Address for DNS-2>
    set ipv6-wins-server1 <IPv6 Address for WINS-1>
    set ipv6-wins-server2 <IPv6 Address for WINS-2>
end
Configuring the internal DNS and WINS servers for SSL VPN users ensures seamless access to internal resources. Always ensure that the specified servers are operational and can handle the VPN users' queries without being overloaded.
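The following Python script is an added example, not part of the original article and not Fortinet tooling. It reads a FortiGate configuration backup, extracts the DNS and WINS entries of the SSL VPN settings block, and flags entries that are unset, of the wrong address family, or outside private address space. The backup layout, the sample configuration and the private-range test used as a stand-in for "internal" are assumptions.

```python
import ipaddress
# The eight keys from the article's config block.
KEYS = [f"{fam}{svc}-server{n}" for fam in ("", "ipv6-") for svc in ("dns", "wins") for n in (1, 2)]

def parse_sslvpn_settings(config_text):
    """Collect top-level 'set' lines inside 'config vpn ssl settings'."""
    settings, depth = {}, 0
    for line in map(str.strip, config_text.splitlines()):
        if depth == 0:
            depth = 1 if line == "config vpn ssl settings" else 0
        elif line.startswith("config "):
            depth += 1  # nested table: its 'set' lines are skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            settings[key] = value.strip().strip('"')
    return settings

def audit(settings):
    """Return (key, finding) pairs; an empty list means nothing to flag."""
    findings = []
    for key in KEYS:
        value = settings.get(key)
        try:
            addr = ipaddress.ip_address(value) if value else None
        except ValueError:
            findings.append((key, f"not an IP address: {value}"))
            continue
        if addr is None or addr.is_unspecified:  # absent, 0.0.0.0 or ::
            findings.append((key, "not set"))
        elif (addr.version == 6) != key.startswith("ipv6-"):
            findings.append((key, f"wrong address family: {value}"))
        elif not addr.is_private:  # assumption: internal == private range
            findings.append((key, f"not an internal address: {value}"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
config vpn ssl settings
    set dns-server1 10.10.1.53
    set dns-server2 8.8.8.8
    set ipv6-dns-server1 fd00:10:10::53
    config authentication-rule
        edit 1
            set groups "vpn-users"
        next
    end
end
"""
```

Calling audit(parse_sslvpn_settings(SAMPLE)) reports dns-server2 as a non-internal address and the remaining unset entries as "not set". Organizations that use public address space internally should replace the private-range test with their own list of resolver addresses.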
Related Article:
Technical Tip: How to set DNS suffix for VPN SSL and IPsec in the FortiGate configuration