Description: This article describes how to use the FQDN address object in FortiGate when the DNS resolution changes dynamically.
Scope: All supported versions of FortiOS.
Solution:
When a website is served by multiple servers that are load balanced across multiple locations, the DNS resolution can change dynamically. As a result, the client's DNS resolution for a specific FQDN address may not coincide with the FortiGate's DNS resolution for the same FQDN.
In this case, the client sends a connection request to an IP address that does not match the IP the firewall resolved for the same domain name, and the firewall drops the connection.
The solution is to configure the FortiGate as a DNS server and make sure that the client sends its DNS requests to the FortiGate. The client and the FortiGate then get the same DNS resolution, so the policy is matched.
Below are the steps to configure the FortiGate as a DNS forwarder:
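A minimal FortiOS CLI sketch of this setup, added here as an example and not taken from the original article: the address name `lb-site`, the FQDN `www.example.com`, the interface `internal` and DHCP server ID `1` are assumed placeholders to replace with local values.

```fortios
# FQDN address object used in the firewall policy (name and FQDN are placeholders)
config firewall address
    edit "lb-site"
        set type fqdn
        set fqdn "www.example.com"
    next
end

# Run the DNS service on the client-facing interface (assumed to be "internal").
# forward-only relays client queries to the FortiGate's configured system DNS
# servers, so clients and the FQDN object resolve through the same upstream.
config system dns-server
    edit "internal"
        set mode forward-only
    next
end

# Hand out the FortiGate interface IP as the DNS server to DHCP clients
# (DHCP server ID 1 on "internal" is an assumption)
config system dhcp server
    edit 1
        set dns-service local
    next
end
```

Clients with a statically configured DNS server do not pick up the DHCP setting and must be pointed at the FortiGate interface address by hand.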
Copyright 2024 Fortinet, Inc. All Rights Reserved.