Hot!DNS Error on Fortigate brand new 100E

Author
Saintzev
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/04/11 16:40:11
  • Status: offline
2017/04/12 04:24:10 (permalink)
0

DNS Error on Fortigate brand new 100E

Hi, im having a trouble on a fortinet 100E which doesnt allow me to resolve DNS i tried with a few publics even private DNS and none of them works actually i've a fortinet 80C and its fully functional which i do is MANUALLY copy the whole rules services ports static routes and everything  but still saying on browser DNS_PROBE_FINISHED_BAD_CONFIG, so now im stuck 
because the config is EXACTLY the same of my currently active 80C but doesnt work, could anyone help me ? :(
#1

11 Replies Related Threads

    MikePruett
    Platinum Member
    • Total Posts : 677
    • Scores: 17
    • Reward points: 0
    • Joined: 2014/01/08 19:39:40
    • Location: Montgomery, Al
    • Status: offline
    Re: DNS Error on Fortigate brand new 100E 2017/04/12 06:37:52 (permalink)
    0
    The Gate itself doesn't resolve DNS or devices behind the Gate doesn't resolve DNS?

    Mike Pruett
    Fortinet GURU
    #2
    Saintzev
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/04/11 16:40:11
    • Status: offline
    Re: DNS Error on Fortigate brand new 100E 2017/04/12 06:41:16 (permalink)
    0
    when i use the CLI ping to IP google DNS its ok, even in laptops behind the FW are ok, cant remember right now if from the CLI resolve the name , now we're in production where i work so later im going to test again and will update , thanks for your response ! 
    #3
    ede_pfau
    Expert Member
    • Total Posts : 5929
    • Scores: 466
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: DNS Error on Fortigate brand new 100E 2017/04/12 08:32:04 (permalink)
    0
    Check config error in the CLI with "diag deb conf read".
    It might not harm to re-enter the System DNS. After that, you should be able to "exec ping <name.com>" from the CLI.
    If that is working but your hosts cannot resolve names: check that you have a DNS server defined for each interface with hosts (usually, "internal"). Activate the feature "DNS database" first, then click System > DNS server to define resolver on one or more interfaces. Use "forward to system DNS" if you don't use local DNS entries.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #4
    rwpatterson
    Expert Member
    • Total Posts : 8359
    • Scores: 197
    • Reward points: 0
    • Joined: 2006/08/08 10:08:18
    • Location: Long Island, New York, USA
    • Status: offline
    Re: DNS Error on Fortigate brand new 100E 2017/04/12 10:32:25 (permalink)
    0
    Saintzevactually i've a fortinet 80C and its fully functional which i do is MANUALLY copy the whole rules services ports static routes and everything

    Single question. Are both Fortigates running the same level of code when you copied and pasted?

    -Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    -4.3.19-b0694
    FWF60B
    FWF80CM (4)
    FWF81CM (2)
     
    #5
    Saintzev
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/04/11 16:40:11
    • Status: offline
    Re: DNS Error on Fortigate brand new 100E 2017/04/12 16:24:40 (permalink)
    0
    we'll im back thank you guys for your answers , now i see the only thing i get the DNS resolve is adding MANUALLY the DNS on my computer ( any public dns works ) but i need a way to do it automaticaly, beside this the actual running fortinet 80 does it right but the new one doesnt propagate the DNS, and in this new interface i cant see an option that helps me to solve it 
    what i'm missing in this case ?
     
    #6
    ede_pfau
    Expert Member
    • Total Posts : 5929
    • Scores: 466
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: DNS Error on Fortigate brand new 100E 2017/04/13 01:26:42 (permalink)
    0
    You have not defined any DNS server on the 'internal' or 'lan' interface. Please check my last post.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #7
    Saintzev
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/04/11 16:40:11
    • Status: offline
    Re: DNS Error on Fortigate brand new 100E 2017/04/13 12:29:05 (permalink)
    0
    this is an example of fortigate 5.4 and theres no option to specify DNS Server which has on 5.2 , theres a way to set it up tru CLI ? 

    #8
    ede_pfau
    Expert Member
    • Total Posts : 5929
    • Scores: 466
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: DNS Error on Fortigate brand new 100E 2017/04/13 14:40:53 (permalink)
    0
    If that is working but your hosts cannot resolve names: check that you have a DNS server defined for each interface with hosts (usually, "internal"). Activate the feature "DNS database" first, then click System > DNS server to define resolver on one or more interfaces. Use "forward to system DNS" if you don't use local DNS entries.

     
    Try that on a port with role "LAN" first, not on the 'wan1' port.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #9
    Liviagreig
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/04/04 22:04:44
    • Status: offline
    Re: DNS Error on Fortigate brand new 100E 2019/04/04 22:06:01 (permalink)
    0
    Saintzev
    Hi, im having a trouble on a fortinet 100E which doesnt allow me to resolve DNS i tried with a few publics even private DNS and none of them works actually i've a fortinet 80C and its fully functional which i do is MANUALLY copy the whole rules services ports static routes and everything  but still saying on browser DNS_PROBE_FINISHED_BAD_CONFIG, so now im stuck 
    because the config is EXACTLY the same of my currently active 80C but doesnt work, could anyone help me ? :(


    I would suggest you to try changing DNS server settings and then check for the error I am sure it will resolve the issue. Here you'll get step by step process to do it.
    post edited by Liviagreig - 2019/04/30 03:42:27
    #10
    sw2090
    Gold Member
    • Total Posts : 312
    • Scores: 20
    • Reward points: 0
    • Joined: 2017/06/14 01:27:25
    • Location: Regensburg
    • Status: offline
    Re: DNS Error on Fortigate brand new 100E 2019/04/05 01:57:42 (permalink)
    0
    well if he did just copy the policies and routes and did not apply a complete backup he should have at least seen if something failed. If you apply as script you get the status right afterwards and see if it worked or failed. In case it failed you would need to run cli debug log in a console and reapply the script on gui). If you copy paste to cli you see an error immediately when it occurs.
     
    Probably he should post us his dns settings?
    Or/and check what Mike wrote?
    #11
    peter1122
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/04/22 01:00:56
    • Status: offline
    Re: DNS Error on Fortigate brand new 100E 2019/04/22 01:02:24 (permalink)
    0
    I am getting the same error. Please help.
    #12
    Jump to:
    © 2019 APG vNext Commercial Version 5.5