Technical Tip: Abnormal traffic being generated from outside with an unexpected Private IP 192.168.x.x towards Public IP configured on FortiGate
Description
This article describes how to diagnose and troubleshoot the traffic generated with an unexpected Private IP 192.168.x.x from outside towards the Public IP configured on FortiGate.
Scope
FortiGate.
Solution
In some cases, traffic arriving from outside at the FortiGate Public IP is seen with a Private source IP, which is not normal. Ideally, traffic hitting the FortiGate WAN interface should have a Public source IP.

This applies where the FortiGate is a standalone or Root Device and the ISP link is terminated on the FortiGate.
To troubleshoot the issue, follow these steps:
- Check the routing configuration on the FortiGate to ensure that no routing rule allows traffic from the private IP 192.168.x.x to be sent to the public IPs. Related Document: Static & Dynamic Routing monitor.
- Verify that the Anti-Spoofing configuration on the FortiGate is in place and set to default values. Related article: Technical Tip: Confirm antispoofing is functioning as intended.
- Check with the ISP team to confirm if they have any routing or NAT translations configured at their end that could be causing the issue.
- If the issue persists, capture the logs on the next hop gateway device to further investigate the issue.
- Run the following commands on the FortiGate to capture the traffic and debug the issue:
In PuTTY session 1:
diagnose debug disable
diagnose debug flow filter clear
diagnose debug flow show function enable
diagnose debug flow filter addr 192.168.x.x
diagnose debug flow trace start 10000000
diagnose debug enable
To stop the debug:
diagnose debug disable
diagnose debug reset
In PuTTY session 2:
diagnose sniffer packet any "host 192.168.3.3" 6 0 a
Press Control+C to stop.
Refer to this KB article to learn more about using PuTTY to capture the command outputs: Technical Tip: How to create a log file of a session using PuTTY.
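The saved PuTTY log from the sniffer command above can be triaged offline to confirm which interface the private-source packets arrive on and in which direction. The following Python script is an added example, not part of the original article or of Fortinet tooling; it assumes the header-line layout shown in the constructed sample and a WAN interface named wan1, and it generalizes from 192.168.x.x to all RFC 1918 ranges.

```python
import ipaddress
import re
from collections import Counter

# Header line of sniffer output at verbosity 6 with absolute timestamps (assumed layout):
#   <date> <time> <interface> <in|out> <src>[.port] -> <dst>[.port]: <summary>
HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? -> (?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
)

# Explicit RFC 1918 list: ipaddress.is_private also covers documentation and
# other reserved ranges, which would mislabel some non-RFC 1918 sources.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def private_sources_on_wan(log_text, wan_ifaces):
    """Count inbound packets on the given WAN interfaces with an RFC 1918 source."""
    hits = Counter()
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # hex dump lines, CLI prompts, blank lines
        if m["dir"] == "in" and m["iface"] in wan_ifaces and is_rfc1918(m["src"]):
            hits[(m["iface"], m["src"], m["dst"])] += 1
    return hits

# Constructed sample log (not real capture data); wan1/internal are assumed names.
SAMPLE_LOG = """\
2024-01-15 10:22:31.104512 wan1 in 192.168.3.3.51514 -> 203.0.113.10.443: syn 1823345
0x0000   0000 0000 0001 0009 0f09 0001 0800 4500        ..............E.
2024-01-15 10:22:32.110934 wan1 in 192.168.3.3.51514 -> 203.0.113.10.443: syn 1823345
2024-01-15 10:22:32.500120 wan1 in 198.51.100.7.40022 -> 203.0.113.10.443: syn 99120
2024-01-15 10:22:33.000412 internal out 192.168.3.3.51514 -> 10.0.0.5.443: syn 1823345
2024-01-15 10:22:34.200000 wan1 in 192.168.3.3 -> 203.0.113.10: icmp: echo request
"""

if __name__ == "__main__":
    for (iface, src, dst), n in private_sources_on_wan(SAMPLE_LOG, {"wan1"}).items():
        print(f"{n} packet(s) inbound on {iface}: {src} -> {dst}")
```

A non-empty result for the WAN interface with direction "in" supports the conclusion that the packets are delivered by the upstream device and is useful evidence to share with the ISP team.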
Notes:
- As the traffic from IP 192.168.x.x is coming from outside to the FortiGate WAN interface, it is not a FortiGate issue.
- Further checks would be required on the Next Hop/Upstream Router/Devices to determine the actual reasons.
