dnstranslation
Use this command to add, edit or delete a DNS translation entry. If DNS translation is configured, the FortiGate unit rewrites the payload of outbound DNS query replies from internal DNS servers, replacing the resolved names’ internal network IP addresses with external network IP address equivalents, such as a virtual IP address on a FortiGate unit’s external network interface. This allows external network hosts to use an internal network DNS server for domain name resolution of hosts located on the internal network.
Syntax
config firewall dnstranslation
edit <index_int>
set dst <destination_ipv4>
set netmask <address_ipv4mask>
set src <source_ipv4>
end
| Variable | Description | Default |
| --- | --- | --- |
| <index_int> | Enter the unique ID number of the DNS translation entry. | No default. |
| dst <destination_ipv4> | Enter the IP address or subnet on the external network to substitute for the resolved address in DNS query replies. dst can be either a single IP address or a subnet on the external network, but it must cover the same number of IP addresses as are mapped in src. | 0.0.0.0 |
| netmask <address_ipv4mask> | If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst. | 0.0.0.0 |
| src <source_ipv4> | Enter the IP address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address matches, the resolved address is substituted with dst. | 0.0.0.0 |
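The src/netmask match and dst substitution described above can be previewed offline before an entry is committed. The following Python sketch is an added example, not Fortinet code: it assumes the host part of a matched address is kept when src and dst are subnets, and every address, host name and function name in it is constructed for illustration.

```python
import ipaddress

def make_entry(src, dst, netmask):
    """Model one dnstranslation entry as (src network, dst network).

    strict=True rejects a src or dst with host bits set under the netmask;
    that strictness is this sketch's audit check, not documented FortiOS
    behaviour. Use 255.255.255.255 for a single-address mapping.
    """
    src_net = ipaddress.ip_network(f"{src}/{netmask}", strict=True)
    dst_net = ipaddress.ip_network(f"{dst}/{netmask}", strict=True)
    return src_net, dst_net

def translate(resolved, entries):
    """Return the address an external client would see for one resolved A record."""
    addr = ipaddress.ip_address(resolved)
    for src_net, dst_net in entries:
        if addr in src_net:
            # Assumption: host bits are kept, so src and dst map one-to-one.
            host_bits = int(addr) & int(src_net.hostmask)
            return str(ipaddress.ip_address(int(dst_net.network_address) | host_bits))
    return resolved  # no entry matched: the reply is left as-is

def audit_reply(answers, entries, internal_nets):
    """Translate every answer and list names whose internal address no entry covered."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    rewritten = {name: translate(ip, entries) for name, ip in answers.items()}
    leaked = sorted(name for name, ip in rewritten.items()
                    if any(ipaddress.ip_address(ip) in n for n in nets))
    return rewritten, leaked

# Constructed sample values (not taken from the FortiOS documentation).
ENTRIES = [
    make_entry("192.168.100.0", "203.0.113.0", "255.255.255.0"),      # subnet mapping
    make_entry("192.168.200.5", "198.51.100.25", "255.255.255.255"),  # single host
]
ANSWERS = {
    "www.example.com": "192.168.100.12",
    "mail.example.com": "192.168.200.5",
    "db.example.com": "192.168.50.7",   # no entry covers this subnet
    "cdn.example.com": "192.0.2.80",    # already external
}

if __name__ == "__main__":
    rewritten, leaked = audit_reply(ANSWERS, ENTRIES, ["192.168.0.0/16"])
    for name, ip in rewritten.items():
        print(f"{name:18} {ANSWERS[name]:16} -> {ip}")
    print("internal addresses still exposed:", leaked)
```

Names reported as still exposed are replies that would hand an internal address to external clients because no entry's src covers them.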