Help
FortiADC
FortiADC enhances the scalability, performance, and security of your applications whether they are hosted on premises or in the cloud.
gsharma
Staff
Staff

Created on ‎11-01-2023 11:02 PM

Article Id 282463

Technical Tip: Destination Address group config for Global DNS policy

Description This article describes how to set up the Address group for the Destination field on the Global DNS Policy if listening from an External interface.
Scope FortiADC, FortiADC-VM.
Solution

To configure the Destination address group in the Global DNS policy go to Global Load Balance -> Zone Tools -> Address group and select 'Create New'.

 

addressgrp.JPG

 

  •  Give a name to the Address group (do not use Spaces).
  • Select first in order to add the member.
  • After Saving, select 'Create new' and  Fill in the IP address.

 

Note:

This IP address has to be configured on the Interface level (it can be Primary IP or Secondary IP too). If it is not configured on the interface level, the DNS query will timeout.

 

  • Leave the Action as Include (by default) to have the IP Include addresses matching the specified address block.
  • After adding the IP address, select 'Save'.

 

membergroup.JPG

 

If the Interface IP is used for some other purpose, use the Secondary IP under the Interface config.

 

secondaryIP.JPG

 

Below is the Test result  for the nslookup:

 

dns resolve.JPG

 

Nslookup test without using Interface IP (using IP from interface IP subnet):

 

wihout sec IP.JPG

 

Related document

https://help.fortinet.com/fadc/4-5-1/olh/Content/FortiADC/handbook/glb_address_group.htm#global-serv...

 



129
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.