firewall dnstranslation
Use this command to add, edit or delete a DNS translation entry. If DNS translation is configured, the FortiGate unit rewrites the payload of outbound DNS query replies from internal DNS servers, replacing the resolved names’ internal network IP addresses with external network IP address equivalents, such as a virtual IP address on a FortiGate unit’s external network interface. This allows external network hosts to use an internal network DNS server for domain name resolution of hosts located on the internal network.
config firewall dnstranslation
    edit {id}
    # Configure DNS translation.
        set id {integer}   ID. range[0-4294967295]
        set src {ipv4 address}   IPv4 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address matches, the resolved address is substituted with dst.
        set dst {ipv4 address}   IPv4 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or subnet on the external network, but number of addresses must equal number of mapped IP addresses in src.
        set netmask {ipv4 netmask}   If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst.
    next
end
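The following Python model is an added example, not Fortinet code, showing how a src/dst/netmask entry decides which resolved addresses are rewritten and which leave unchanged. It assumes that a subnet entry maps addresses one-to-one by keeping the host bits and that the first matching entry wins; the function names and all addresses are constructed for illustration.

```python
import ipaddress

def translate(resolved, src, dst, netmask):
    """Apply one dnstranslation entry to one resolved IPv4 address.

    Returns the substituted address if `resolved` falls inside src/netmask,
    otherwise returns `resolved` unchanged.
    Assumption: host bits are preserved when src and dst are subnets.
    """
    # Rejects a non-contiguous netmask with NetmaskValueError.
    ipaddress.IPv4Network(f"0.0.0.0/{netmask}")
    mask = int(ipaddress.IPv4Address(netmask))
    host_bits = mask ^ 0xFFFFFFFF
    r = int(ipaddress.IPv4Address(resolved))
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    if (r & mask) != (s & mask):
        return resolved  # no match: the reply keeps the internal address
    return str(ipaddress.IPv4Address((d & mask) | (r & host_bits)))

def rewrite_answers(answers, entries):
    """Return (original, rewritten) pairs for each resolved address.

    Assumption: entries are evaluated in order and the first match wins.
    """
    pairs = []
    for addr in answers:
        new = addr
        for entry in entries:
            new = translate(addr, **entry)
            if new != addr:
                break
        pairs.append((addr, new))
    return pairs

# Constructed entries: one subnet mapping and one single-host mapping.
ENTRIES = [
    {"src": "192.168.1.0", "dst": "203.0.113.0", "netmask": "255.255.255.0"},
    {"src": "10.0.0.10", "dst": "198.51.100.10", "netmask": "255.255.255.255"},
]

if __name__ == "__main__":
    # Constructed resolved addresses from an internal DNS server's replies.
    for original, rewritten in rewrite_answers(
            ["192.168.1.25", "10.0.0.10", "10.0.0.11"], ENTRIES):
        status = "translated" if original != rewritten else "UNCHANGED"
        print(f"{original:>15} -> {rewritten:<15} {status}")
```

Addresses reported as UNCHANGED are the ones an external client would receive as-is, which makes this a quick way to review whether a planned set of entries covers every internal address the DNS server can return.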
Additional information
The following section is for those options that require additional explanation.