FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 192668
Description
Two files are used for DNS name resolution:
  • zones.common: used for name resolution for hosts in isolation.  When resolving names that are in the Allowed Domains list, this file determines which DNS server requests are sent to on behalf of the isolated host.
  • resolv.conf: used for name resolution for the appliance.
The following instructions are used when the production DNS server IP addresses need to be changed.

Solution

Updating zones.common

1.  In the Administration UI, navigate to System > Settings > Allowed Domains
2.  Update the IP addresses under the IP Address heading.
3.  Click Save Settings (this will take a few moments).


Updating resolv.conf (must be done on all appliances)

Single appliance:
1.  Run Configuration Wizard on the Server.
http://<IP Address>:8080/configWizard
http://<Host Name of the appliance>:8080/configWizard
2.  In the Basic Network screen, update the appropriate IP address under the DNS section.
3.  Click Summary.
4.  Click Apply (this will take a few moments).

Control Server/Application Server pair:
1.  In the Application Server CLI, start the tomcat-admin service (this will allow Config Wizard to be accessible).
     service tomcat-admin start
2.  Run Configuration Wizard on the Application Server.
http://<IP Address>:8080/configWizard
http://<Host Name of the appliance>:8080/configWizard
3.  In the Basic Network screen, update the appropriate IP address under the DNS section.
4.  Click Summary.
5.  Click Apply (this will take a few moments).
6.  Close Configuration Wizard and stop the tomcat-admin service.
     service tomcat-admin stop
7.  Run Configuration Wizard on the Control Server.
8.  Click Summary.
9.  Click Apply.


If Configuration Wizard cannot be used:
In the CLI of each appliance, edit /etc/resolv.conf and save.

Important: The CLI method should only be used when Configuration Wizard cannot be run.  The next time Configuration Wizard is run, resolv.conf will be overwritten with the old settings (unless updated).
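
After a manual edit, each appliance's resolv.conf can be checked for missing or leftover DNS servers. The script below is an added example, not Fortinet code: the function names check_resolv and list_nameservers are hypothetical, and the IP addresses are constructed documentation addresses.

```shell
#!/bin/sh
# Added example: audit the nameserver entries of a resolv.conf-format file.

# list_nameservers FILE -> prints one nameserver IP per line, in file order.
list_nameservers() {
    # Comment lines (# or ;) and non-"nameserver" lines are skipped.
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# check_resolv FILE EXPECTED_IP... -> returns 0 when the file lists exactly
# the expected servers (any order), 1 otherwise. Differences go to stdout.
check_resolv() {
    file=$1; shift
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 1; }
    actual=$(list_nameservers "$file")
    rc=0
    for want in "$@"; do
        echo "$actual" | grep -qxF "$want" || { echo "MISSING $want"; rc=1; }
    done
    for have in $actual; do
        found=0
        for want in "$@"; do
            if [ "$have" = "$want" ]; then found=1; fi
        done
        [ "$found" -eq 1 ] || { echo "STALE $have"; rc=1; }
    done
    return $rc
}

# Constructed sample: the old server 192.0.2.10 survived a partial edit and
# the second new server was never added.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
# constructed sample resolv.conf
search example.com
nameserver 192.0.2.10
nameserver 198.51.100.53
EOF

demo_status=0
demo_report=$(check_resolv "$demo_file" 198.51.100.53 203.0.113.53) || demo_status=$?
echo "$demo_report"
rm -f "$demo_file"
# On an appliance: check_resolv /etc/resolv.conf <new DNS server IPs>
```

Running the same check again after any later Configuration Wizard run shows whether the wizard restored the old servers.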



L2 High Availability Environments

1. Update zones.common (see instructions above).
2. Update resolv.conf on the Primary Server via configWizard (see instructions above).
3. Update resolv.conf on the Secondary Server via configWizard.  Access configWizard using the address of the Secondary Server. 

Note:  In older versions, the Secondary address may not be available in a Layer 2 High Availability configuration (Virtual IP is configured).  In such cases, a modification of the /etc/hosts file on the Secondary Server is necessary.  For instructions, refer to section Access Secondary Server Wizard Post HA Configuration in the High Availability reference manual in the Fortinet Document Library.  




