Thursday, July 24, 2014

Fortigate SSL VPN Client cannot resolve FQDNs

I recently had a customer complain that he could not access documents on his file server when connected via SSL VPN. Closer inspection showed that he was trying to reach the file server by its short hostname, “\\fileserver”, rather than by its fully qualified name, “\\fileserver.corp.local”.

The fix seemed simple: configure a DNS search suffix for the tunnel. Unfortunately there is no such option in the GUI, so I had to set it from the command line.

Set DNS search suffix using CLI

config vpn ssl settings
set dns-suffix corp.local
end

Set Client DNS Server in the GUI

Navigate to VPN –> SSL –> Settings –> Tunnel Mode Client Settings. Under the DNS Server setting, enter the IP addresses of your corporate DNS servers.

Your Fortigate will now append the “corp.local” suffix to all unqualified hostnames. This was tested on FortiOS 5.06, 5.07 and 5.2.
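As an added example (not part of the original post), the script below audits a `show vpn ssl settings` dump for the two settings the fix depends on, the DNS suffix and the pushed DNS servers, and shows which name a client would query for a short hostname. The dump is constructed, not captured from a device, and the `dns-server1`/`dns-server2` key names are assumed to match the FortiOS 5.x CLI.

```python
"""Audit a FortiGate 'show vpn ssl settings' dump for a DNS search suffix
and client DNS servers, the two settings behind the \\fileserver symptom."""
import re

# Constructed sample output (not from a real device); the dns-server1 and
# dns-server2 key names are assumed to match the FortiOS 5.x CLI.
SAMPLE_SHOW_OUTPUT = """\
config vpn ssl settings
    set dns-suffix "corp.local"
    set dns-server1 10.0.0.53
    set dns-server2 10.0.0.54
    set port 10443
end
"""

SET_LINE = re.compile(r'^\s*set\s+(\S+)\s+(.*?)\s*$')


def parse_settings(show_output):
    """Return {key: value} for every 'set' line in the block; quotes are stripped."""
    settings = {}
    for line in show_output.splitlines():
        m = SET_LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip('"')
    return settings


def qualify(hostname, suffix):
    """Name the client resolver will query. Simplified rule: a name that
    already contains a dot is used as given, an unqualified one gets the
    search suffix appended (no suffix configured means no completion)."""
    if '.' in hostname or not suffix:
        return hostname
    return f"{hostname}.{suffix}"


def audit(settings):
    """Return the findings that would leave short names unresolvable over the tunnel."""
    findings = []
    if not settings.get('dns-suffix'):
        findings.append('dns-suffix not set: short names like fileserver are not completed')
    if not (settings.get('dns-server1') or settings.get('dns-server2')):
        findings.append('dns-server1/dns-server2 not set: no corporate DNS server is pushed to clients')
    return findings


if __name__ == '__main__':
    cfg = parse_settings(SAMPLE_SHOW_OUTPUT)
    print(audit(cfg) or 'ok')
    print(qualify('fileserver', cfg.get('dns-suffix')))
```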