Hi,
is there a possibility to manipulate the DNS lookup for one FQDN (for specific SSIDs) to resolve to an internal address (LAN-Port)? All other addresses should resolve via public DNS.
The policy works, but I have to manipulate the DNS-lookups.
I think I will have to activate the FortiGate DNS-Server?
I don't want to use the hosts file on the clientside.
hi,
if the WiFi clients use the FGT as DNS, there is a "DNS translation" feature for this. Basically, the FGT sniffs for DNS requests to this FQDN and exchanges the resolved address. You'll find it in the CLI reference.
Hi,
thanks for your reply.
I solved it that way:
- Activated FortiGate DNS Database
- Set up DNS zone / Primary / Slave / recursive
- Set up Host A Entry for internal DNS lookup
- Applied the settings to the SSID in DNS-Database Settings (DNS Server on Interface -> SSID Name)
- Set DNS-Server-IP for the SSID to use same IP as interface IP.
- Set up a Policy from WLAN-SSID to LAN (IP of device I would like to reach via the DNS).
Works!
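The same steps expressed as FortiOS CLI, added here as an illustration and not taken from the posts above: the SSID interface name `wifi-guest`, LAN interface `internal`, zone `corp.example`, host IP 192.168.1.10, DHCP range and address object name are constructed values, and `set type primary` is the 7.x keyword (older releases use `master`/`slave`).

```fortios
# 1. DNS database: a shadow zone is served only to clients that query this FGT
config system dns-database
    edit "corp-zone"
        set domain "corp.example"
        set type primary          # older FortiOS: master / slave
        set view shadow           # never answered to public queries
        config dns-entry
            edit 1
                set type A
                set hostname "intranet"   # intranet.corp.example
                set ip 192.168.1.10       # LAN host behind the FortiGate
            next
        end
    next
end
# 2. Recursive DNS service on the SSID interface only; all other names are
#    forwarded to the FortiGate's configured public DNS servers
config system dns-server
    edit "wifi-guest"
        set mode recursive
    next
end
# 3. DHCP on the SSID hands out the interface's own IP as the DNS server
config system dhcp server
    edit 0
        set interface "wifi-guest"
        set default-gateway 10.10.10.1
        set netmask 255.255.255.0
        set dns-service local     # DNS server = this interface's IP
        config ip-range
            edit 1
                set start-ip 10.10.10.2
                set end-ip 10.10.10.254
            next
        end
    next
end
# 4. Policy from the SSID to that single LAN host only; "intranet-host" is an
#    address object for 192.168.1.10/32 assumed to exist already
config firewall policy
    edit 0
        set srcintf "wifi-guest"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "intranet-host"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
```

The shadow view plus the per-interface DNS service keeps the internal record from being served to anything but clients of that SSID, and the policy restricts those clients to the one host rather than the whole LAN.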
Well done. Quite straightforward once it's done, right?
Hi,
sorry for the delayed response. Yes, it is pretty straightforward. ;)
Thank you!