In this blog we are showing basic troubleshooting steps to follow when you are not able to access any system/resource using hostname over IPSec or SSLVPN connection using Forticlient.
Issue:
Unable to access any system/resource hostname over IPSec or SSLVPN connection using Forticlient.
Nslookup is unable to resolve the system name; it only works using FQDN like systemname.domain.com for any system which is on the other side of the VPN.
Cause:
It happens because the DNS suffix is not configured correctly on the Fortigate VPN client.
Solution:
To solve this issue need to configure DNS suffix in Fortigate SSL and IPsec VPN configuration. This advance option is unavailable on the Web management GUI and this has to be done using CLI.
Follow the below steps to troubleshoot the issue.
Steps–
1. Login to the Fortigate firewall Web management portal.
2. Open the CLI web console by clicking the icon on the right top.
3. Go to Forigate CLI interface, run the below command to check if DNS suffix is configured.
Show vpn ipsec phase1-interface <vpn name>
4. Run the command to set domain name.
# config vpn ipsec phase1-interface
# edit (VPN name)
# set domain (domain name)
# end
5. Domain suffix is applied now.
6. Run the below command to check if DNS suffix is configured correctly
Show vpn ipsec phase1-interface <vpn name>
7. To remove the domain name, run the command.
# config vpn ipsec phase1-interface
# edit (VPN name)
# unset domain (domain name)
# end
8. Disconnect and reconnect the Fortigate VPN client to fetch the updated configuration.
9. Now the VPN client system should be able to access the resources using only machine name.