Re: Dns filter and redirect portal IP
You're exactly right. If I refuse the query, users will get a "domain not found" on their browsers, which will make users asks sysadmins why this is site isn't working here, as it was at home. So redirecting the users to the fortiguard IP, they get a certificate warning, which isn't better.
That's why I wanted to show them a proper page with a valid certificate.
I could use one of our internal ip, but I'll have to manage to mint a certificate on the fly myself on that server.