Pushing DNS Suffix to Fortigate SSL VPN
March 28, 2014
After setting up an SSL VPN tunnel, one of the biggest complaints I get is “I cannot get to my shares”. This is because the domain suffix has not been pushed out to the user's tunnel interface, so unqualified host names are not completed with the internal domain. This is easy to remedy, but it seems to be possible in the CLI only.
Within the CLI you have many options under the SSL VPN config that are not presented in the GUI.
You can edit the VPN tunnel with the command:
config vpn ssl settings
Here is a list of all the settings:
As you can see, dns-suffix is an option, as are the DNS servers.
The suffix option is not presented in the GUI, but the DNS servers are.
The command to set the suffix is:
set dns-suffix corp.local
Make sure your DNS servers are also set for your internal network and it should now work without a problem.
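To confirm from the client side that the suffix and DNS servers actually reached the tunnel interface, here is an added check that is not part of the original post. It assumes a Windows client, uses corp.local from the command above, and uses "fileserver" as a hypothetical short host name on the internal network.

```powershell
# Added example: client-side check that the SSL VPN pushed the DNS suffix.
# Assumptions: Windows client; 'corp.local' is the suffix from the post;
# 'fileserver' is a hypothetical short host name on the internal network.
param(
    [string]$ExpectedSuffix = 'corp.local',
    [string]$ShortName      = 'fileserver'
)

# Interfaces whose connection-specific suffix matches what the FortiGate should push.
$matching = @(Get-DnsClient | Where-Object { $_.ConnectionSpecificSuffix -eq $ExpectedSuffix })

if ($matching.Count -eq 0) {
    Write-Warning "No interface carries the suffix '$ExpectedSuffix'. Suffixes currently set:"
    Get-DnsClient | Where-Object ConnectionSpecificSuffix |
        Select-Object InterfaceAlias, ConnectionSpecificSuffix | Format-Table -AutoSize
    return
}

foreach ($nic in $matching) {
    # DNS servers assigned to the same interface; these should be the internal ones.
    $servers = (Get-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -AddressFamily IPv4).ServerAddresses
    "{0}: suffix={1} dns={2}" -f $nic.InterfaceAlias, $nic.ConnectionSpecificSuffix, ($servers -join ', ')
    if (-not $servers) { Write-Warning "No IPv4 DNS servers on $($nic.InterfaceAlias)." }
}

# The short name resolves over DNS only if a suffix is appended. Testing the FQDN
# as well separates a suffix problem from a DNS-server or reachability problem.
foreach ($name in $ShortName, "$ShortName.$ExpectedSuffix") {
    try {
        # -DnsOnly keeps LLMNR/NetBIOS from masking a missing suffix.
        $a = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        if ($a) { "{0} -> {1}" -f $name, $a.IPAddress }
        else    { Write-Warning "$name returned no A record." }
    } catch {
        Write-Warning "$name did not resolve: $($_.Exception.Message)"
    }
}
```

If the FQDN resolves but the short name does not, the DNS servers are fine and the suffix is the missing piece; if neither resolves, look at the DNS server settings first.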