Fortinet black logo

CLI Reference

config firewall dnstranslation

config firewall dnstranslation

Configure DNS translation.

config firewall dnstranslation
    Description: Configure DNS translation.
    edit <id>
        set dst {ipv4-address}
        set id {integer}
        set netmask {ipv4-netmask}
        set src {ipv4-address}
    next
end

config firewall dnstranslation

Parameter

Description

Type

Size

Default

dst

IPv4 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or subnet on the external network, but number of addresses must equal number of mapped IP addresses in src.

ipv4-address

Not Specified

0.0.0.0

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

netmask

If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst.

ipv4-netmask

Not Specified

255.255.255.255

src

IPv4 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address matches, the resolved address is substituted with dst.

ipv4-address

Not Specified

0.0.0.0

config firewall dnstranslation

Configure DNS translation.

config firewall dnstranslation
    Description: Configure DNS translation.
    edit <id>
        set dst {ipv4-address}
        set id {integer}
        set netmask {ipv4-netmask}
        set src {ipv4-address}
    next
end

config firewall dnstranslation

Parameter

Description

Type

Size

Default

dst

IPv4 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or subnet on the external network, but number of addresses must equal number of mapped IP addresses in src.

ipv4-address

Not Specified

0.0.0.0

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

netmask

If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst.

ipv4-netmask

Not Specified

255.255.255.255

src

IPv4 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address matches, the resolved address is substituted with dst.

ipv4-address

Not Specified

0.0.0.0