Fortinet black logo

Handbook

Dynamic VIP DNS translation

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:124207
Download PDF

Dynamic VIP DNS translation

When a dynamic virtual IP is used in a policy, the dynamic DNS translation table is installed along with the dynamic NAT translation table into the kernel. All matched DNS responses will be translated and recorded regardless if they hit the policy. When a client request hits the policy, dynamic NAT translation will occur if it matches a record, otherwise the traffic will be blocked.

Syntax

config firewall vip

edit "1"

set type dns-translation

set extip 192.168.0.1-192.168.0.100

set extintf "dmz"

set dns-mapping-ttl 604800

set mappedip "3.3.3.0/24" "4.0.0.0/24"

end

Dynamic VIP DNS translation

When a dynamic virtual IP is used in a policy, the dynamic DNS translation table is installed along with the dynamic NAT translation table into the kernel. All matched DNS responses will be translated and recorded regardless if they hit the policy. When a client request hits the policy, dynamic NAT translation will occur if it matches a record, otherwise the traffic will be blocked.

Syntax

config firewall vip

edit "1"

set type dns-translation

set extip 192.168.0.1-192.168.0.100

set extintf "dmz"

set dns-mapping-ttl 604800

set mappedip "3.3.3.0/24" "4.0.0.0/24"

end