Administration Guide

Configuring DNS filtering on AWS

For DNS filtering to work in FortiGate CNF instance policies, the AWS environment must first be configured so that DNS traffic actually reaches the FortiGate CNF instance.

By default, compute resources within a VPC use AWS's internal DNS servers. That DNS traffic stays inside the VPC and is never routed to the deployed FortiGate CNF instance, so it cannot be scanned. The VPC configuration must be changed so that DNS requests go to an external DNS server and are routed through the FortiGate CNF instance for inspection.

To configure DNS requests:

  1. In the AWS VPC, create a new DHCP option set using any external DNS.

  2. Update the DHCP option set in the desired VPC to use the new DHCP option set.

  3. Set up the routing as you would for egress inspection, so that DNS traffic to the external server passes through the FortiGate CNF instance.

  4. If there are any existing resources in this VPC, restart them so that their DNS cache is reset and they pick up the new DNS server from DHCP.
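The following script is an added example of steps 1, 2 and 4 of this procedure using the AWS CLI; it is not Fortinet's or AWS's own tooling. It assumes the AWS CLI is installed with credentials for the target account, and that the VPC ID and external DNS address are supplied by the caller (both are placeholders here). Before creating anything it refuses resolvers that keep DNS inside the VPC (`AmazonProvidedDNS` and the Route 53 Resolver link-local address), since an option set pointing at those would silently leave DNS traffic unscanned. Step 3, the routing, depends on the egress inspection design of the deployment and is not scripted.

```shell
#!/bin/sh
# Added example, not part of the Fortinet guide or the AWS CLI.
# Assumes: AWS CLI with credentials for the target account.
# Placeholders: <vpc-id> and <external-dns-ip> are supplied as arguments.
set -eu

# Refuse resolvers that are answered by AWS inside the VPC and therefore never
# traverse the FortiGate CNF instance. Returns 0 only for a routable IPv4
# dotted quad that is not an in-VPC resolver.
validate_external_dns() {
  ip="$1"
  case "$ip" in
    AmazonProvidedDNS|169.254.169.253) return 1 ;;
  esac
  # Dotted-quad check: exactly four numeric octets, each 0-255.
  echo "$ip" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Step 1: create a DHCP option set that hands out the external DNS server.
# Prints the new DhcpOptionsId.
create_option_set() {
  aws ec2 create-dhcp-options \
    --dhcp-configurations "Key=domain-name-servers,Values=$1" \
    --query 'DhcpOptions.DhcpOptionsId' --output text
}

# Step 2: associate the option set with the VPC, replacing the current one.
associate_option_set() {
  aws ec2 associate-dhcp-options --dhcp-options-id "$1" --vpc-id "$2"
}

# Confirm the VPC now references the option set we created.
verify_association() {
  current=$(aws ec2 describe-vpcs --vpc-ids "$2" \
    --query 'Vpcs[0].DhcpOptionsId' --output text)
  [ "$current" = "$1" ]
}

# Step 4: reboot running instances in the VPC so their resolver cache is reset
# and the new DNS server is picked up from DHCP.
reboot_vpc_instances() {
  ids=$(aws ec2 describe-instances \
    --filters "Name=vpc-id,Values=$1" "Name=instance-state-name,Values=running" \
    --query 'Reservations[].Instances[].InstanceId' --output text)
  if [ -n "$ids" ]; then
    # $ids is intentionally unquoted: the IDs are whitespace-separated.
    aws ec2 reboot-instances --instance-ids $ids
  fi
}

# Usage: sh dns-to-cnf.sh <vpc-id> <external-dns-ip>
# Step 3 (routing DNS through the FortiGate CNF instance like other egress
# traffic) is not automated here.
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
  validate_external_dns "$2" || { echo "refusing in-VPC resolver: $2" >&2; exit 2; }
  opt_id=$(create_option_set "$2")
  associate_option_set "$opt_id" "$1"
  verify_association "$opt_id" "$1" || { echo "VPC $1 is not using $opt_id" >&2; exit 3; }
  reboot_vpc_instances "$1"
  echo "VPC $1 now hands out DNS server $2 via $opt_id"
fi
```

The validation step is the part worth keeping even if the rest is done in the console: a DHCP option set whose `domain-name-servers` value is still `AmazonProvidedDNS` or the `169.254.169.253` resolver is a common reason DNS filtering policies on the FortiGate CNF instance never see any traffic.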
