Fortinet Exam FCSS_SASE_AD-23 Topic 2 Question 17 Discussion

Actual exam question for Fortinet's FCSS_SASE_AD-23 exam

Question #: 17
Topic #: 2

An organization needs to resolve internal hostnames using its internal rather than public DNS servers for remotely connected endpoints. Which two components must be configured on FortiSASE to achieve this? (Choose two.)

ASSL deep inspection

BSplit DNS rules

CSplit tunnelling destinations

DDNS filter

Show Suggested Answer

Suggested Answer: B, C

To resolve internal hostnames using internal DNS servers for remotely connected endpoints, the following two components must be configured on FortiSASE:

Split DNS Rules:

Split DNS allows the configuration of specific DNS queries to be directed to internal DNS servers instead of public DNS servers.

This ensures that internal hostnames are resolved using the organization's internal DNS infrastructure, maintaining privacy and accuracy for internal network resources.

Split Tunneling Destinations:

Split tunneling allows specific traffic (such as DNS queries for internal domains) to be routed through the VPN tunnel while other traffic is sent directly to the internet.

By configuring split tunneling destinations, you can ensure that DNS queries for internal hostnames are directed through the VPN to the internal DNS servers.

FortiOS 7.2 Administration Guide: Provides details on configuring split DNS and split tunneling for VPN clients.

FortiSASE 23.2 Documentation: Explains the implementation and configuration of split DNS and split tunneling for securely resolving internal hostnames.

by Tyisha at Jan 10, 2025, 06:26 PM

Limited Time Offer

25%

10 days ago

I think we need to configure Split DNS rules and DNS filter on FortiSASE.

upvoted 0 times

...