FortiGate
sselvam
Staff
Article Id 194780
Description
This article describes how to configure different DNS servers for different user groups (or tunnels): configure the DNS servers uniquely for each SSL VPN portal, then assign each user group its own portal.


Solution
Configuring the DNS servers for an individual VPN portal can be done only via the CLI.

Applies to firmware version V5.2 onwards.
# config vpn ssl web portal
    edit <portal>
        set dns-server1 <ip4_addr>
        set dns-server2 <ip4_addr>
end
If IPv6 is used with the SSL VPN connection, set the IPv6 DNS addresses on the firewall web portal as well.
# config vpn ssl web portal
    edit <portal>
        set ipv6-dns-server1 <ip6_addr>
        set ipv6-dns-server2 <ip6_addr>
end
DNS server settings specified at the portal level override those at the global level.

If all SSL VPN portals have DNS settings configured, remove the DNS settings at the system level.
# config vpn ssl settings
    unset dns-server1
    unset dns-server2
end
Do the same for IPv6:
# config vpn ssl settings
    unset ipv6-dns-server1
    unset ipv6-dns-server2
end
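
The global DNS settings should only be removed once every portal carries its own. The following Python check is an added example, not part of the original article: it parses a saved configuration and lists the SSL VPN portals that still have no portal-level DNS server. The sample configuration, portal names and addresses are constructed for illustration.

```python
import shlex

# Constructed sample of a FortiGate configuration backup (not from the article).
SAMPLE = '''
config vpn ssl web portal
    edit "staff-portal"
        set tunnel-mode enable
        set dns-server1 10.10.1.53
        set dns-server2 10.10.2.53
    next
    edit "vendor-portal"
        set tunnel-mode enable
        config bookmark-group
            edit "gui-bookmarks"
            next
        end
    next
end
config vpn ssl settings
    set dns-server1 192.0.2.53
end
'''

def portal_dns(config_text):
    """Return {portal: {dns_option: value}} for every SSL VPN web portal."""
    portals, stack, current = {}, [], None
    for raw in config_text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] == "config":            # entering a (possibly nested) block
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end":             # leaving the innermost block
            if stack:
                stack.pop()
        elif stack == ["vpn ssl web portal"]:   # directly inside the portal table
            if tok[0] == "edit":
                current = tok[1]
                portals[current] = {}
            elif tok[0] == "next":
                current = None
            elif tok[0] == "set" and current and "dns-server" in tok[1]:
                portals[current][tok[1]] = tok[2]
    return portals

def portals_missing_dns(config_text, option="dns-server1"):
    """Portals with no portal-level value for the given DNS option."""
    return sorted(n for n, d in portal_dns(config_text).items() if option not in d)

if __name__ == "__main__":
    print("Portals without their own DNS:", portals_missing_dns(SAMPLE))
```

Pass `option="ipv6-dns-server1"` to run the same check before unsetting the IPv6 entries.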
