DNS traffic in NGFW policy-mode
FortiOS has an option to enable the creation of an implicit policy to allow DNS traffic.
Certain Application Control profiles may not work properly if DNS traffic is not allowed. Enabling theimplicit-allow-dns
option adds an implicit policy to allow the DNS traffic. This policy is situated in the policy sequence just above the implicit deny policy. Since this is a config system settings
command, this option can be enabled per VDOM.
CLI
config system settings
set implicit-allow-dns {enable|disable}
end