Fortinet black logo

CLI Reference

config firewall dnstranslation

config firewall dnstranslation

Configure DNS translation.

config firewall dnstranslation

Description: Configure DNS translation.

edit <id>

set src {ipv4-address}

set dst {ipv4-address}

set netmask {ipv4-netmask}

next

end

config firewall dnstranslation

Parameter

Description

Type

Size

Default

src

IPv4 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address matches, the resolved address is substituted with dst.

ipv4-address

Not Specified

0.0.0.0

dst

IPv4 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or subnet on the external network, but number of addresses must equal number of mapped IP addresses in src.

ipv4-address

Not Specified

0.0.0.0

netmask

If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst.

ipv4-netmask

Not Specified

255.255.255.255

config firewall dnstranslation

Configure DNS translation.

config firewall dnstranslation

Description: Configure DNS translation.

edit <id>

set src {ipv4-address}

set dst {ipv4-address}

set netmask {ipv4-netmask}

next

end

config firewall dnstranslation

Parameter

Description

Type

Size

Default

src

IPv4 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address matches, the resolved address is substituted with dst.

ipv4-address

Not Specified

0.0.0.0

dst

IPv4 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or subnet on the external network, but number of addresses must equal number of mapped IP addresses in src.

ipv4-address

Not Specified

0.0.0.0

netmask

If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst.

ipv4-netmask

Not Specified

255.255.255.255