Technical Tip: Split DNS support for SSL VPN portals
This article describes how to configure split DNS support for SSL VPN portals.
Split DNS for SSL VPN portals allows the user to specify which domains are resolved by the DNS server specified by the VPN, while all other domains are resolved by the DNS specified locally.
FortiClient receives this information when the client connects in tunnel mode. FortiClient pushes the specified DNS servers to the client's computer, and all DNS requests first attempt to use these DNS servers. The FortiClient network driver intercepts DNS requests; if they match a domain listed under 'split-dns', the DNS request goes across the tunnel and is resolved by the specified DNS servers.
If the domain does not match 'split-dns', the FortiClient network driver responds to the DNS request with 'no such name', forcing the DNS request to be resolved by the physical adapter DNS.
To configure from the GUI, go to VPN -> SSL-VPN Portals and choose any tunnel mode profile.
Enable DNS split tunneling.
To configure split DNS support for SSL VPN portals from the CLI:
# config vpn ssl web portal
    edit <name>
        # config split-dns
            edit <any integer>
                set domains "abc.com, cde.com"
                set dns-server1 10.1.1.10
                set dns-server2 10.1.1.20
                set ipv6-dns-server1 xxxxxxxxxxxx
                set ipv6-dns-server2 xxxxxxxxxxxx
            next
            ...
        end
end
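As an added illustration (not Fortinet code and not part of the original article), the following Python example parses a split-dns block like the one above and models the routing decision described earlier, so an administrator can check which internal names would fall through to the local DNS. The label-boundary suffix match, the portal name "full-access" and the function names are assumptions; the article only states that a domain must "match" the split-dns list.

```python
# Constructed sample: the article's CLI config, placeholder IPv6 lines omitted.
SAMPLE_CONFIG = '''
config vpn ssl web portal
    edit "full-access"
        config split-dns
            edit 1
                set domains "abc.com, cde.com"
                set dns-server1 10.1.1.10
                set dns-server2 10.1.1.20
            next
        end
    next
end
'''

def parse_split_dns(config_text):
    """Return one {'domains': [...], 'servers': [...]} dict per split-dns entry."""
    entries, current, in_block = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate a leading CLI prompt
        if line == "config split-dns":
            in_block = True
        elif in_block and line.startswith("edit "):
            current = {"domains": [], "servers": []}
        elif in_block and current is not None and line.startswith("set domains"):
            value = line[len("set domains"):].strip().strip('"')
            current["domains"] = [d.strip().lower().rstrip(".") for d in value.split(",") if d.strip()]
        elif in_block and current is not None and line.startswith(("set dns-server", "set ipv6-dns-server")):
            current["servers"].append(line.split()[-1])
        elif in_block and line == "next" and current is not None:
            entries.append(current)
            current = None
        elif in_block and line == "end":
            in_block = False
    return entries

def route_query(name, entries):
    """Return ('tunnel', servers) if name matches a split-dns domain, else ('local', [])."""
    name = name.lower().rstrip(".")
    for entry in entries:
        for domain in entry["domains"]:
            # Assumption: match on a label boundary, so "notabc.com" does not match "abc.com".
            if name == domain or name.endswith("." + domain):
                return "tunnel", entry["servers"]
    return "local", []  # driver answers 'no such name'; physical adapter DNS resolves it

if __name__ == "__main__":
    for q in ("intranet.abc.com", "cde.com", "notabc.com", "www.example.org"):
        print(q, "->", route_query(q, parse_split_dns(SAMPLE_CONFIG)))
```

Any internal name that returns 'local' here would be sent to the DNS server of the physical adapter, so it should either be added to the split-dns domains or confirmed as acceptable to expose to that resolver.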
Last Modified Date: 04-24-2020 Document ID: FD48421