Fortigate 100D and Comcast SMC Gateway causing weird DNS issue.

I have several clients using FortiGate firewalls but they are all using traditional ISP models (fiber and T1s). This is the first time one of my clients using a FortiGate 100D firewall is using Comcast BusinessClass internet with an SMC Gateway device and I'm having a weird DNS issue. Client has a static IP assigned from Comcast and according to 3 different phone calls to Comcast tech support the SMC gateway is configured in a "passive" mode (since they don't support a true bridge mode) so the static IP info can be assigned to our fully updated FortiGate 100D and we can use the public IP to access the SSL VPN portal, etc. I assigned the static public IP info from Comcast to my laptop, plug into the Comcast gateway and I can get out on the internet without any problems. When I assign the static public IP info to the WAN interface on the 100D, the internet connection on my primary and secondary domain controllers that are also our DNS servers drops and thus none of our clients that use those DNS servers can get out on the internet. If I manually assign the client a DNS such as 8.8.8.8 it can get out on the internet but that doesn't work for us, they need to be able to use the internal DNS servers. The strange thing is if I configure the WAN interface on the 100D to use DHCP and allow the Comcast gateway to assign it one of its internal IPs (10.1.10.2 for example) everything works fine on the network except nobody can use the SSL VPN portal because the 100D doesn't actually have the public IP configured on the WAN interface.

I've called FortiNet tech support and Comcast tech support numerous times but they just point the finger at each other and nothing has been resolved.  The 100D is brand new with updated firmware and no custom routes/rules/policies other than a general outbound internet rule.

Any suggestions or help would be MUCH appreciated.  Thanks!
CruJones Asked:
Leo Commented:
Have you made sure ports are listening and open for VPN connections, and nothing is blocking it, means no rules or ACL, and they are in the right VLAN group....
CruJones (Author) Commented:
Thanks for the reply Striker, I was able to resolve the issue this morning during a troubleshooting session.  When I first connected to the FortiGate during the initial install it runs you through this little connection wizard asking you to configure your WAN, LAN, VPN info, etc.  What happened was during that wizard it created two static routes, one for the general outbound traffic and one for SSL VPN traffic.  The admin distance on both was set to 10, so for some reason that was throwing off DNS requests.  I changed the admin distance on the SSL VPN router to 20 and that immediately resolved the DNS issue.
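A check for the condition described in the comment above, added here as an example and not taken from the thread or from Fortinet: it parses a `config router static` excerpt and reports routes that share a destination and administrative distance but leave through different devices. It assumes the two wizard-created routes covered the same destination, which the post does not state; the sample config, its addresses and the function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

DEFAULT_DISTANCE = 10  # FortiOS leaves "set distance" out when it is the default

# Constructed excerpt (not the poster's config); addresses are illustrative.
SAMPLE_CONFIG = """\
config router static
    edit 1
        set gateway 203.0.113.1
        set device "wan1"
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set device "ssl.root"
        set distance 10
    next
    edit 3
        set dst 10.212.134.0 255.255.255.0
        set device "ssl.root"
        set distance 20
    next
end
"""

def parse_static_routes(text):
    """Return one dict per 'edit' entry; a missing dst means 0.0.0.0/0."""
    routes, cur = [], None
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["edit"]:
            cur = {"id": int(tok[1]), "dst": ipaddress.ip_network("0.0.0.0/0"),
                   "device": None, "distance": DEFAULT_DISTANCE}
        elif cur is None:
            continue
        elif tok[:2] == ["set", "dst"]:
            cur["dst"] = ipaddress.ip_network("/".join(tok[2:4]))
        elif tok[:2] == ["set", "device"]:
            cur["device"] = tok[2].strip('"')
        elif tok[:2] == ["set", "distance"]:
            cur["distance"] = int(tok[2])
        elif tok[:1] == ["next"]:
            routes.append(cur)
            cur = None
    return routes

def equal_distance_conflicts(routes):
    """Pairs of route ids: same destination and distance, different device."""
    return [(a["id"], b["id"]) for a, b in combinations(routes, 2)
            if a["dst"] == b["dst"] and a["distance"] == b["distance"]
            and a["device"] != b["device"]]
```

Run against the output of `show router static`, an empty result means no two routes to the same destination are tied on distance.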
Leo Commented:
Good to know it's working properly :-)
CruJones (Author) Commented:
Was able to figure out issue with FortiNet tech support and posted results here.