Saintzev
New Contributor

DNS Error on Fortigate brand new 100E

Hi, I'm having trouble with a Fortinet 100E which doesn't allow me to resolve DNS. I tried a few public and even private DNS servers and none of them works. I actually have a Fortinet 80C and it's fully functional; what I did is MANUALLY copy all the rules, services, ports, static routes and everything, but the browser still says DNS_PROBE_FINISHED_BAD_CONFIG, so now I'm stuck

because the config is EXACTLY the same as my currently active 80C but doesn't work. Could anyone help me? :(

MikePruett
Valued Contributor

The Gate itself doesn't resolve DNS or devices behind the Gate don't resolve DNS?

Mike Pruett Fortinet GURU | Fortinet Training Videos
Saintzev

When I use the CLI to ping the Google DNS IP it's OK, and even the laptops behind the FW are OK. I can't remember right now whether the CLI resolves the name. We're in production where I work right now, so I'm going to test again later and will update. Thanks for your response!

ede_pfau
Esteemed Contributor III

Check config error in the CLI with "diag deb conf read".

It might not harm to re-enter the System DNS. After that, you should be able to "exec ping <name.com>" from the CLI.

If that is working but your hosts cannot resolve names: check that you have a DNS server defined for each interface with hosts (usually, "internal"). Activate the feature "DNS database" first, then click System > DNS server to define resolver on one or more interfaces. Use "forward to system DNS" if you don't use local DNS entries.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
rwpatterson
Valued Contributor III

Saintzev wrote:
actually i've a fortinet 80C and its fully functional which i do is MANUALLY copy the whole rules services ports static routes and everything
Single question. Are both Fortigates running the same level of code when you copied and pasted?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Saintzev

Well, I'm back. Thank you guys for your answers. Now I see the only way I get DNS resolution is by MANUALLY adding the DNS on my computer (any public DNS works), but I need a way to do it automatically. Besides this, the currently running Fortinet 80 does it right, but the new one doesn't propagate the DNS, and in this new interface I can't see an option that helps me solve it.

What am I missing in this case?

 

ede_pfau
Esteemed Contributor III

You have not defined any DNS server on the 'internal' or 'lan' interface. Please check my last post.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Saintzev

This is an example of FortiGate 5.4 and there's no option to specify the DNS server, which 5.2 has. Is there a way to set it up through the CLI?

ede_pfau
Esteemed Contributor III

If that is working but your hosts cannot resolve names: check that you have a DNS server defined for each interface with hosts (usually, "internal"). Activate the feature "DNS database" first, then click System > DNS server to define resolver on one or more interfaces. Use "forward to system DNS" if you don't use local DNS entries.

 

Try that on a port with role "LAN" first, not on the 'wan1' port.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
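Added example, not part of any post in this thread: the steps ede_pfau describes (system DNS, a DNS server on the LAN interface set to forward to system DNS, then a CLI check), written as FortiOS CLI. The interface name "internal", the DHCP server ID 1 and the resolver addresses are assumptions; the DHCP block is included because it decides which resolver the hosts are handed.

```fortios
# Placeholders/assumptions: LAN interface "internal", DHCP server ID 1,
# resolver addresses 192.0.2.53 / 192.0.2.54 (documentation range).

# 1. System DNS: the resolvers the FortiGate itself queries.
config system dns
    set primary 192.0.2.53
    set secondary 192.0.2.54
end

# 2. DNS server on the LAN interface, forwarding to the system DNS
#    ("forward to system DNS" in the GUI).
config system dns-server
    edit "internal"
        set mode forward-only
    next
end

# 3. DHCP scope on that interface: what clients receive as their resolver.
#    local   = the interface IP (needs step 2 on that interface)
#    default = the system DNS servers from step 1
config system dhcp server
    edit 1
        set dns-service local
    next
end

# 4. Check from the CLI (both commands are from the posts above).
diag deb conf read
exec ping <name.com>
```

Hosts only pick up the new resolver after they renew their DHCP lease.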
sw2090
Honored Contributor

Well, if he just copied the policies and routes and did not apply a complete backup, he should at least have seen if something failed. If you apply it as a script you get the status right afterwards and see if it worked or failed (in case it failed you would need to run cli debug log in a console and reapply the script on gui). If you copy and paste to the CLI you see an error immediately when it occurs.

 

Probably he should post us his dns settings?

Or/and check what Mike wrote?

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
