Hi there,
we have a site where the FortiGate sets up a VPN. All AD/DNS is on the other end of the VPN.
We'd like the FortiGate to forward DNS traffic for domain.local (the AD domain) to the AD servers. We explicitly do not want to create a shadow domain (who would want to maintain all the records in 2 places? I surely don't...).
On the CLI there's a forwarder option. You'd think that's pretty self-explanatory, but I can't get it to work though :(.
fgt-custsite2 (dns-database) # show
config system dns-database
    edit "domain.local"
        set domain "domain.local"
        set forwarder "192.168.11.1"
    next
end
Whilst we can ping the IP of the AD machine (192.168.11.1) just fine from the FortiGate, it doesn't seem like it wants to forward the requests for this zone though :(.
Any ideas? This is a pretty common scenario for us, especially now that more and more moves to the cloud. And as we all know, AD uses a ton of records; I really don't feel like adding (and maintaining!!) all the _msdcs stuff, for example.