Chapter 10 Install and System Administration for FortiOS 5.0 : Session helpers : DNS session helpers (dns-tcp and dns-udp)
  
DNS session helpers (dns-tcp and dns-udp)
FortiOS includes two DNS session helpers, dns-tcp, a session helper for DNS over TCP, and dns-udp, a session helper for DNS over UDP.
To accept DNS sessions you must add a security policy with service set to any or to the DNS pre-defined service (which listens on TCP and UDP ports 53). The dns-udp session helper also listens on UDP port 53. By default the dns-tcp session helper is disabled. If needed you can use the following command to enable the dns-tcp session helper to listen for DNS sessions on TCP port 53:
config system session-helper
edit 0
set name dns-tcp
set port 53
set protocol 6
end
See Also
Viewing the session helper configuration
Changing the session helper configuration
DCE-RPC session helper (dcerpc)
File transfer protocol (FTP) session helper (ftp)
H.245 session helpers (h245I and h245O)
H.323 and RAS session helpers (h323 and ras)
Media Gateway Controller Protocol (MGCP) session helper (mgcp)
ONC-RPC portmapper session helper (pmap)
PPTP session helper for PPTP traffic (pptp)
Remote shell session helper (rsh)
Real-Time Streaming Protocol (RTSP) session helper (rtsp)
Session Initiation Protocol (SIP) session helper (sip)
Trivial File Transfer Protocol (TFTP) session helper (tftp)
Oracle TNS listener session helper (tns)