On macOS, using dig or host to query an external domain, e.g. Using Wireshark, the DNS response from the server will give the IP for requested. When querying nslookup 10.10.10.1, it works normally.
This is probably because of this point “If the domain does not match split-dns then the FortiClient network driver will respond to the DNS request with ‘no such name’ forcing the DNS request to be resolved by the physical adapter DNS” as specified in. Using Wireshark to capture packets, the DNS response from the server will say no such name A. In the firewall log, there is an Accept DNS Error or IP Connection Error message. Queries are sent over the SSL VPN connection. On Windows, using nslookup and resolve-dnsname to query an external domain, e.g.
Information: Split DNS domain is, split DNS server: 10.10.10.1, local DNS server: 192.168.0.1.

host|nslookup will not work as requests are sent over the VPN tunnel, but can’t fall back to the physical interface. host|nslookup will work as it is sent via the VPN tunnel first and then fails over to the physical interface when the network driver intercepts with a no such name response. always works if the split DNS server can resolve it, as requests are sent via the VPN tunnel. If it gets a no such name response (due to network driver interception), it will send the query via the physical interface.

On Windows, utilities such as nslookup and resolve-dnsname send DNS queries via the VPN tunnel first.

For the dig command, it always sends via the physical interface, so it can’t resolve DNS for the split DNS domain. , request will be sent via physical interface -> can’t resolve split DNS domain. For host and nslookup command: host|nslookup. To query the split DNS server like other processes (such as a browser), use scutil --dns to check the list of resolvers and dns-sd -G v4 to query like other processes.