
How to use the DNS translation feature

Description
The DNS translation feature available in the FortiOS firmware is designed to modify the DNS reply from a DNS server.

It is typically used to allow internal users of a network to access resources by their private IP addresses, which can simplify the firewall configuration.

A network diagram is provided below with an example that illustrates how to configure this feature.

In this example, the client sends a DNS resolution request to the DNS server 172.31.17.252 for the resource “server1.lab.mycompany.com”. The DNS reply sent by the DNS server is 172.31.17.37 (the public IP address of “server1”), but the FortiGate unit translates the reply into 10.73.1.37, which is the private IP address of the same resource, “server1”.
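The rewrite described above can be seen at the packet level in the following added example, which is not FortiOS code and not part of the original article. It builds a constructed DNS reply for “server1.lab.mycompany.com” and replaces the A-record address in place; the one-to-one `TRANSLATIONS` table and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed one-to-one mapping, using the addresses from the article's example.
TRANSLATIONS = {ipaddress.IPv4Address("172.31.17.37"): ipaddress.IPv4Address("10.73.1.37")}

def build_reply(name, address, txid=0x1234):
    """Constructed sample: a minimal DNS reply carrying one A record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    # The answer name is a compression pointer (0xC00C) back to the question name.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + ipaddress.IPv4Address(address).packed
    return header + qname + struct.pack("!HH", 1, 1) + answer

def skip_name(msg, pos):
    """Return the offset just past the encoded name that starts at pos."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def a_rdata_offsets(msg):
    """Yield the offset of the IPv4 address in each A record of the answer section."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:  # type A, class IN
            yield pos
        pos += rdlen

def answers(msg):
    return [str(ipaddress.IPv4Address(msg[o:o + 4])) for o in a_rdata_offsets(msg)]

def translate_reply(msg, table=TRANSLATIONS):
    """Return a copy of msg with every A-record address found in table replaced."""
    out = bytearray(msg)
    for o in a_rdata_offsets(msg):
        new = table.get(ipaddress.IPv4Address(msg[o:o + 4]))
        if new is not None:
            out[o:o + 4] = new.packed
    return bytes(out)
```

Only the four address bytes change, so the transaction ID, question and message length stay the same; a client that validates DNSSEC signatures would reject a record rewritten this way.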

 

Solution