Created on 04-22-2020 08:48 AM Edited on 08-02-2023 11:12 PM By Jean-Philippe_P
Description
This article describes the situation where a FortiExtender interface is used for SD-WAN and the mobile ISP DNS overrides the FortiGate system DNS.
This can be a problem because DNS servers provided by the mobile carrier often only allow connections from carrier clients.
In this case, DNS traffic across all other SD-WAN member interfaces will fail.
This behavior is caused by 'set dns-server-override' being enabled by default in the interface settings, combined with the fact that a mobile ISP often provides services via DHCP.
Solution
To correct it, disable this setting under the FortiExtender virtual interface on the FortiGate.
Disabling this prevents the interface from using a DNS server acquired via DHCP or PPPoE.
config system interface
    edit <name of your FortiExtender interface>
        set dns-server-override disable
end
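To find every interface still affected by this default, the following added example (not Fortinet's code) scans a saved configuration backup and lists DHCP or PPPoE interfaces where the override has not been disabled. It assumes the backup omits settings left at their default, so a missing 'set dns-server-override disable' line is treated as enabled; the interface names and addresses in the sample are constructed.

```python
# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config system interface
    edit "wan1"
        set mode static
        set ip 192.0.2.10 255.255.255.0
    next
    edit "fext-lte"
        set mode dhcp
        set type fext-wan
    next
    edit "wan2"
        set mode dhcp
        set dns-server-override disable
    next
end
config system dns
    set primary 198.51.100.53
end
'''

def interfaces_accepting_isp_dns(config_text):
    """Return DHCP/PPPoE interfaces whose dns-server-override is not disabled."""
    flagged, in_section, depth, name, settings = [], False, 0, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == "config system interface"
            continue
        if line.startswith("config "):
            depth += 1                      # nested block, e.g. "config ipv6"
        elif line == "end":
            if depth == 0:
                break                       # end of "config system interface"
            depth -= 1
        elif depth == 0 and line.startswith("edit "):
            name, settings = line[5:].strip().strip('"'), {}
        elif depth == 0 and name and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2]
        elif depth == 0 and name and line == "next":
            # Assumption: an absent setting means the default (enable) is in effect.
            override = settings.get("dns-server-override", "enable")
            if settings.get("mode") in ("dhcp", "pppoe") and override != "disable":
                flagged.append(name)
            name = None
    return flagged

if __name__ == "__main__":
    print(interfaces_accepting_isp_dns(SAMPLE_CONFIG))
```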