athirat
Staff
Article Id 197984
Description
This article describes how to rewrite outbound DNS replies when both the DNS server and the resolved IP address are on the LAN.

If DNS translation is configured, the FortiGate unit rewrites the payload of outbound DNS query replies from internal DNS servers, replacing the resolved names' internal network IP addresses with their external network IP address equivalents, such as a virtual IP address on the FortiGate unit's external network interface.

This allows external network hosts to use an internal network DNS server for domain name resolution of hosts located on the internal network.


Solution
CLI configuration
config firewall dnstranslation
    edit <index_int>
        set dst <destination_ipv4>
        set netmask <address_ipv4mask>
        set src <source_ipv4>
    next
end

where

dst <destination_ipv4> : Enter the IP address or subnet on the external network to substitute for the resolved address in DNS query replies.

src <source_ipv4> : Enter the IP address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address matches, the resolved address is substituted with dst.
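The rewrite described above, as an added illustration that is not FortiGate code: it walks a DNS reply on the wire, finds A records whose address matches src/netmask, and substitutes dst, keeping the host bits when the netmask covers a subnet (that host-bit behaviour, the 10.0.0.0 and 203.0.113.0 addresses, and the example.test names are assumptions used only for the constructed sample).

```python
import ipaddress
import struct

def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the wire-format name at off; handles plain
    label sequences and RFC 1035 compression pointers (a pointer ends the name)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length

def translate_dns_reply(msg: bytes, src: str, dst: str, netmask: str) -> bytes:
    """Rewrite every A record whose address falls in src/netmask so that its
    network part becomes dst/netmask; host bits are kept (assumed semantics)."""
    src_net = ipaddress.IPv4Network(f"{src}/{netmask}", strict=False)
    dst_net = ipaddress.IPv4Network(f"{dst}/{netmask}", strict=False)
    host_mask = int(dst_net.hostmask)
    out = bytearray(msg)
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                          # question section: name + QTYPE + QCLASS
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):                # answer, authority and additional RRs
        off = _skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated DNS message")
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:            # A record: 4-byte IPv4 rdata
            addr = ipaddress.IPv4Address(msg[off:off + 4])
            if addr in src_net:
                new_addr = int(dst_net.network_address) | (int(addr) & host_mask)
                out[off:off + 4] = new_addr.to_bytes(4, "big")
        off += rdlen                             # other record types are left untouched
    return bytes(out)

def _name(s: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\x00"

def sample_reply() -> bytes:
    """Constructed reply: question www.example.test, a CNAME answer, then an A
    answer of 10.0.0.5 whose owner name is a compression pointer into the CNAME."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
    question = _name("www.example.test") + struct.pack("!HH", 1, 1)
    cname_rdata = _name("host.example.test")
    ans1 = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, len(cname_rdata)) + cname_rdata
    ptr = 12 + len(question) + 2 + 10            # offset of cname_rdata in the message
    ans2 = struct.pack("!H", 0xC000 | ptr) + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([10, 0, 0, 5])
    return header + question + ans1 + ans2
```

With netmask 255.255.255.255 the entry behaves as the single-address substitution the article describes; a wider netmask maps a whole internal subnet onto the external one.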
