Fortigate – DNS rewriting (doctoring)

There are times when you need to rewrite the results of a DNS request to enforce security policies. One such example is the Safe Search option. Google's main search page now defaults to HTTPS, so without SSL deep inspection the Fortigate can't insert "&safe=active" into the HTTP request.

A workaround for this is to rewrite the result of the DNS request for www.google.com to nosslsearch.google.com. On the Fortigate this can be achieved by creating a DNS server with that entry:


Now when a user searches on Google the connection will not be encrypted and Safe Search will be active, provided it is enabled in the webfilter profile. DNS queries for other Google subdomains will complete without modification.
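The same rewrite expressed in the FortiOS CLI, as an added example that is not from the original post: the zone is served in shadow view with `authoritative disable`, which is the setting that lets other google.com names pass through to the upstream resolver instead of being answered NXDOMAIN. The interface name "port2" and the upstream resolver 1.1.1.1 are assumptions; replace them with your LAN interface and DNS servers.

```text
# Added example, not part of the original post. Upstream resolver is an
# assumption; use the DNS servers the Fortigate already forwards to.
config system dns
    set primary 1.1.1.1
end

# Shadow zone for google.com containing only the www rewrite.
# "authoritative disable" makes the Fortigate forward any google.com name
# that is not defined below (mail, drive, ...) to the system DNS servers,
# so only www.google.com is doctored.
config system dns-database
    edit "safesearch"
        set domain "google.com"
        set type master
        set view shadow
        set authoritative disable
        config dns-entry
            edit 1
                set type CNAME
                set hostname "www"
                set canonical-name "nosslsearch.google.com"
            next
        end
    next
end

# Answer client queries on the LAN interface (assumed "port2") in recursive
# mode so everything outside the zone still resolves normally.
config system dns-server
    edit "port2"
        set mode recursive
    next
end
```

Clients must use the Fortigate as their resolver (for example via the DHCP DNS option) for the rewrite to apply; `dig www.google.com @<fortigate-lan-ip>` should then return the CNAME to nosslsearch.google.com, while `dig mail.google.com @<fortigate-lan-ip>` returns the unmodified upstream answer.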
