How Do You FortiGate a DNS Server?


Larry Thompson

FortiGate is a powerful network security appliance that provides various features to protect your network infrastructure. One of the key components of a network is the DNS server, which translates domain names into IP addresses. In this article, we will explore how you can fortify your DNS server using FortiGate.

Why Fortify Your DNS Server?

Before we dive into the steps, let’s understand why it’s important to fortify your DNS server. DNS servers are a prime Target for cyber attacks as they play a crucial role in determining how internet traffic is routed. By securing your DNS server, you can protect against various threats such as DNS spoofing, cache poisoning, and DDoS attacks.

Step 1: Accessing the FortiGate Interface

The first step in fortifying your DNS server with FortiGate is to access the FortiGate web interface. Open your preferred web browser and enter the IP address of your FortiGate device in the address bar. You will be prompted to enter your login credentials.

Step 1.1: Logging In

Once you have accessed the FortiGate web interface, enter your username and password to log in. After successful authentication, you will be redirected to the dashboard.

Step 2: Configuring Firewall Policies

To fortify your DNS server, you need to create firewall policies that control inbound and outbound traffic. Follow these steps:

  • Navigate to Firewall > Policy & Objects > IPv4 Policy.
  • Create a new policy by clicking on “Create New”.
  • In the “Incoming Interface” field, select the interface that receives incoming DNS traffic.
  • In the “Outgoing Interface” field, choose the interface that connects to your DNS server.
  • Set the “Action” to “Accept”.
  • Specify the source and destination addresses as required.
  • Under “Services”, select the appropriate DNS service.
  • Click on “OK” to save the policy.

Step 3: Enabling DNS Traffic Logging

To monitor your DNS traffic and detect any suspicious activities, it’s essential to enable DNS traffic logging. Here’s how you can do it:

  • Navigate to Log & Report > Log Settings > Log Configurations.
  • Create a new log configuration by clicking on “Create New”.
  • Select the appropriate log type (e.g., Security Event) and log filter.
  • In the “Filter” section, specify the criteria for filtering DNS traffic logs.
  • Enable logging for both inbound and outbound DNS traffic.
  • Click on “OK” to save the log configuration.

Step 4: Implementing Intrusion Prevention System (IPS)

An Intrusion Prevention System (IPS) can help identify and block potential threats Targeting your DNS server. Follow these steps to enable IPS:

  • Create a new firewall policy as described in Step 2, but this time select IPSec as the service for both source and destination addresses.
  • Note: You may need to consult FortiGate documentation or an expert for detailed IPS configuration specific to your DNS server setup.

  • Click on “OK” to save the policy.


By following the steps outlined in this article, you can fortify your DNS server using FortiGate. Remember, securing your DNS server is crucial for maintaining a secure and reliable network infrastructure. Regularly monitor the logs and stay updated with the latest security patches and firmware releases from Fortinet to stay one step ahead of potential threats.

Discord Server - Web Server - Private Server - DNS Server - Object-Oriented Programming - Scripting - Data Types - Data Structures

Privacy Policy