After setting up an SSL VPN tunnel, one of the biggest complaints I get is “I cannot get to my shares”. This is because the domain suffix has not been pushed out to their tunnel interface. This is easy to remedy, but it seems to be possible from the CLI only.
Within the CLI you have many options under the SSL VPN config that are not presented in the GUI.
You can edit the VPN tunnel with the command:
config vpn ssl settings
Here is a list of all the settings:
As you can see, dns-suffix is an option, as well as the DNS servers.
The suffix option is not presented in the GUI, but the DNS servers are.
The command to set the suffix is:
set dns-suffix corp.local
Make sure your DNS servers are also set for your internal network and it should now work without a problem.
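The steps above as one CLI session, added here as an example and not taken from the original post. The suffix corp.local is the one used above; the two DNS server addresses are placeholders to replace with your internal resolvers, and the lines starting with # are annotations, not commands to type.

```text
# Enter the SSL VPN settings context
config vpn ssl settings
    # Internal DNS servers handed to SSL VPN clients (placeholder addresses)
    set dns-server1 10.0.0.10
    set dns-server2 10.0.0.11
    # Domain suffix pushed to the client's tunnel interface
    set dns-suffix corp.local
end

# Confirm what was saved
show vpn ssl settings
```

After reconnecting the client, "ipconfig /all" on Windows shows whether the tunnel adapter received the suffix and the DNS servers.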
Hi, thank you for sharing this information. I did that as described, a “get” shows that the suffix was set correctly. Unfortunately, my Windows 7 client does not receive the suffix. Still appears empty. Any ideas?
Best regards, Manfred
Hi Manfred, make sure your local firewall has the correct DNS domain set under – sys – int – dns
It has. But, when I do “ipconfig /all”, after connecting via the Fortinet VPN client, no DNS suffix is set on the connection. It is still blank. Entering the suffix manually in the Windows settings of the connection works fine, but pushing it through the FortiGate fe itself does not seem to show any effect.