you require 6.2x to configure this feature.
Here we can see the DNS over TLS is disabled, which is the default.
Here we can see a packet capture showing a standard DNS query. As you see this traffic is UDP 53.
In the screenshot above, we can see that this is set up in Enforce mode which is Strict mode. You will need to choose the certificate you want to use from the drop down.
With the Enable option here, this is actually opportunistic mode. In this mode, the client will attempt to make a TLS connection on port 853 and if it fails, it will fall back to the standard UDP 53.
Here you can see the packet capture after turning on DoT. Notice it is using TCP and is using port 853.
DoH Blocking
If you want to block DNS over HTTPS, Fortinet has a application signature for it.
+
1 2 2
-
07-05-2020, 04:59 #1Status
- Offline
- Apr 2014
- Egypt
- 4,698
Engineering and Technology
- 10
: FortiGate DNS over TLS DOT vs DOH
------------------------------------------------------------------------
Rise Company for Engineering & Technology
------------------------------------------------------------------------
Web Hosting | Web Designing | E-Marketing
# 1 Business Services
Web Hosting - Business Emails
Web Design - Google Adwords
www.rise.company | www.rise.company/emails
:
! .
-
DMZ FortiGate Firewall
Rise Company Fortigate: 0: 01-05-2020, 21:08 -
FortiGate Inspection Mode Proxy Vs Flow Modes
Rise Company Fortigate: 0: 29-04-2020, 01:32 -
FortiGate DNS Forwarder & Server
Rise Company Fortigate: 0: 26-04-2020, 23:34 -
| FortiGate 30E, 50E, 60E, 80E, 100E
Rise Company Fortigate: 0: 22-04-2020, 00:13 -
FortiGate Firewall IPSec VPN vs SSL VPN
Rise Company Fortigate: 0: 19-04-2020, 01:51
-
Digg
-
del.icio.us
-
StumbleUpon
-
Google
