Filter
Top Products
Fortinet 132 FortiWeb 5.0 Patch 6 Administration Guide
To configure DNS settings via the CLI
1. Enter the following commands:
config system dns
set primary <address_ipv4>
set secondary <address_ipv4>
set domain <local-domain_str>
end
where:
• <address_ipv4> is the IP address of a DNS server
• <local-domain_str> is the name of the local domain to which the FortiWeb appliance
belongs, if any
The local domain name is optional. It will not appear in the Host: field of HTTP headers for
connections to protected web servers.
The appliance will query the DNS servers whenever it needs to resolve a domain name into
an IP address, such as for NTP or web servers defined by their domain names (“domain
servers”).
2. To verify your DNS settings, in the CLI, enter the following commands:
execute traceroute <server_fqdn>
where <server_fqdn> is a domain name such as www.example.com.
If the DNS query for the domain name succeeds, you should see results that indicate that
the host name resolved into an IP address, and the route from FortiWeb to that IP address:
traceroute to www.example.com (192.0.43.10), 30 hops max, 60 byte
packets
1 172.20.130.2 (172.20.130.2) 0.426 ms 0.238 ms 0.374 ms
2 static-209-87-254-221.storm.ca (209.87.254.221) 2.223 ms 2.491
ms 2.552 ms
3 core-g0-0-1105.storm.ca (209.87.239.161) 3.079 ms 3.334 ms
3.357 ms
...
16 43-10.any.icann.org (192.0.43.10) 57.243 ms 57.146 ms 57.001
ms
If the DNS query fails, you will see an error message such as:
traceroute: unknown host www.example.com
CFG_CLI_INTERNAL_ERR
Verify your DNS server IPs, routing, and that your firewalls or routers do not block or proxy
UDP port 53.
DNS tests may not succeed until you have completed “Adding a gateway” on page 125.