#How to configure internet from host pc to fortigate vm windows
NOTE: The following steps are similar for Windows Server 2008, 2012, 2012 R2, 2016.

Then I changed the client VM's DNS IP address (which was 1st set as the address of the DHCP/DNS Server) to VMware's NAT network's gateway IP address (this is the part I didn't understand), this address was already acquired dynamically by Fortigate for the WAN port, then the internet started working.

Setup LDAP using AD LDS (Active Directory Lightweight Directory Services)

What I did was I removed the Primary/Secondary DNS IP address from Fortigate and set it to 0.0.0.0.

Technically speaking it can be made to work but you're going to need those debug commands to figure out what the Fortigate is sending & receiving. All this extra NATing also makes it more complicated to understand which IPs are masked by what other IPs through the Fortigate, then VMware doing NAT and then there is yet another layer later on at your actual LAN/ISP interface which applies a final layer of NAT. There are some settings that need to all line up especially in your very atypical setup that isn't a normal deployment type. Fortigate by default isn't a DNS server but it can be turned on and configured to do so. If you "point at the Fortigate" for DNS and nothing is happening, it's a configuration issue. For example your web filter may be configured to block traffic if a rating error occurred (you can change this default block-on-Internet-failure behaviour in its settings). If those can't be reached, the Fortigate may have been configured to block traffic. These services work by contacting online Fortiguard services. The Fortigate has UTM features you may have had enabled such as DNS filtering, web filtering, application control. The Fortigate could still be blocking some traffic if the Fortigate itself had no proper Internet access due to a bad route or DNS entries. Probably a combination and we're getting lost in fully understanding what your precise setup is in each stage.
Either you changed something on the Fortigate or the client VM or the server VM. You said you changed DNS IP a few times but it's not clear which device you were talking about in each instance. I don't fully understand what all you changed.

However, when I completely removed the Primary DNS server IP from Fortigate, and set the client VM DNS as the gateway IP of NAT (192.168.206.2) the internet started working, is it because the client's traffic is being routed to the NAT gateway by the firewall?!

Thanks for the detailed response, appreciate that, and that I disabled the DNS server (paused the VM) just to test if the Fortigate was allowing internet access to the client by changing the DNS IP to the NAT gateway IP (192.168.206.2, this the WAN port automatically obtained), however I also set it as the primary DNS server IP, it did not work either.

It's not on by default out of the box (at least it wasn't this morning when I configured a brand new Fortigate using firmware 6.2.2).
See the previous reply for how to turn that on in the Fortigate. The firewall's received DNS won't play a role unless you're using the Fortigate itself as a DNS server (Windows DNS doesn't do this UNLESS you configured a forwarder to point to the Fortigate's LAN IP in which case you need to enable DNS service on the Fortigate). In addition you could turn on DNS debug logging on the Windows DNS server to see what it's sending and receiving during your tests. If you don't see any traffic from the DNS server then maybe its gateway isn't set right or it needs its cache flushed. When the client fails to load a web page I'd expect the Fortigate to at least see an attempt at DNS from the Windows server.