Posts

Showing posts from 2015

Unable to obtain internal DNS server

After setting up a Fortigate firewall I ran into an issue where clients could ping an IP address but not an FQDN. The remote office has no DHCP server and no DNS server, so I set up the Fortigate 60D as the DHCP server and created an IPsec tunnel to the HQ office. Running nslookup on a connected device showed that it had been given the ISP DNS instead of the internal DNS. To resolve this, go to Network > Interfaces > internal, edit the internal interface, set the DNS Server option to Specify, and enter the internal DNS server IP.

Turn off Fortigate web access from public IP

Being able to reach Fortigate devices from an external public IP is important, especially for remote sites. However, it can also open a security hole that lets an attacker get into the company environment via the public IP. Log in to the Fortigate, navigate to Network > Interfaces > the WAN interface > Edit. Under Administrative Access, uncheck HTTPS / HTTP. Also make sure SSH and SNMP are not checked.

Set DNS suffix in Fortigate

After signing in to the Fortigate SSL VPN, users were unable to access local sites, RDP to servers or open network drives. Pinging the FQDN reported that the host could not be found; however, pinging with the suffix ad.local appended worked. After searching for quite some time, I found an article showing how to enter the DNS suffix via the CLI. For my case, it works as below.

Set the DNS search suffix using the CLI:

    config vpn ssl settings
        set dns-suffix ad.local
    end

Set the client DNS server in the GUI: navigate to VPN > SSL > Settings > Tunnel Mode Client Settings. Specify the DNS Server setting and enter the IP addresses of your corporate DNS servers. Finally it works.
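The three fixes on this page (internal DNS for the remote-site DHCP scope, no management access on the WAN interface, and DNS servers plus search suffix for SSL VPN clients) collected as one FortiOS CLI configuration. This is an added example, not configuration from the original posts; it assumes FortiOS 5.x-era CLI syntax recalled from memory (check the option names against your unit's version), the interface names "internal" and "wan1", and constructed placeholder addresses (HQ DNS servers 10.1.1.10 and 10.1.1.11, remote LAN 192.168.1.0/24). The GUI step "set DNS Server to Specify" on the internal interface corresponds to dns-service under the DHCP server entry.

```text
# Added example, not from the original posts. FortiOS CLI syntax recalled
# from memory; interface names and all IP addresses below are constructed
# placeholders.

# 1. Remote-site DHCP scope: hand out the HQ internal DNS servers (reachable
#    over the IPsec tunnel) instead of the ISP DNS.
config system dhcp server
    edit 1
        set interface "internal"
        set default-gateway 192.168.1.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 192.168.1.100
                set end-ip 192.168.1.200
            next
        end
        set dns-service specify
        set dns-server1 10.1.1.10
        set dns-server2 10.1.1.11
        set domain "ad.local"
    next
end

# 2. WAN interface: allowaccess replaces the whole list, so naming only
#    ping removes https, http, ssh and snmp from the public side.
config system interface
    edit "wan1"
        set allowaccess ping
    next
end

# 3. SSL VPN clients: internal DNS servers and the ad.local search suffix,
#    so short hostnames resolve without typing the suffix.
config vpn ssl settings
    set dns-suffix "ad.local"
    set dns-server1 10.1.1.10
    set dns-server2 10.1.1.11
end

# Verify what is actually configured before and after the change.
show system dhcp server
show system interface wan1
show vpn ssl settings
```

Apply step 2 only after confirming another management path (the IPsec tunnel or the SSL VPN) already works, otherwise the remote unit can no longer be reached. After step 1, renew the lease on a client and confirm with nslookup that the server it answers from is the HQ DNS address, not the ISP's.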