Albert_Coll
New Member
September 5, 2018
Question

Fortigate self-generated traffic to Internet from external private address

  • September 5, 2018
  • 2 replies
  • 6426 views

Hello,

I have a Fortigate 3000 running V5.6.3. Its external Ethernet interface, connected to the Internet router, has a private IP address.

The problem is that it cannot reach the Fortinet site, because the self-generated outgoing IP packets for its subscription information (sandboxing, signatures, virus, etc.) are sent to the Internet with its external interface's private source IP address instead of the global IP it should use to be properly routed.

I would really appreciate any example or help on how to perform SNAT for its self-generated traffic to the Internet.

I created an outgoing policy performing SNAT from an IP pool containing the public IP address. This works perfectly for some internal hosts needing direct access to the Internet. The problem is that I cannot find a way to do the same for the Fortigate self-generated traffic.


Regards in advance.

Albert.

    2 replies

    pyy
    New Member
    September 5, 2018

    Go to the CLI:

        config global          (only if you use VDOMs)
        config system fortiguard
            set source-ip x.x.x.x   -> put your WAN IP
        end

    You should do the same for config system dns.


    emnoc
    New Member
    September 5, 2018

    Do you have any publicly reachable address assigned on the firewall? You could set one on a loopback, and allow a policy from the loopback to wan1 with service any and the FortiGuard services.

    Typically you do NOT do this and just use a public address assigned to the firewall. Alternatively, if you have an inside proxy, you could define that and use it for allowing the traffic through.


    http://kb.fortinet.com/kb/documentLink.do?externalID=FD36587


    YMMV


    Ken
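    As an added example that is not part of either reply above, here is one complete FortiOS CLI fragment combining pyy's `source-ip` suggestion with emnoc's loopback alternative. The interface names (`wan1`, `lo-public`), the VDOM name `root`, the policy name and the address 203.0.113.10 (a documentation range) are placeholders; substitute your own values. If VDOMs are enabled, `config system fortiguard` and `config system dns` live under `config global`, while the interface and policy live in the VDOM that owns wan1.

```fortios
# Added example, not from the thread. All names and addresses are placeholders.

# Step 1 (only when wan1 itself carries a private address): host the public
# address on a loopback so the unit owns a routable source for its own traffic.
config system interface
    edit "lo-public"
        set vdom "root"
        set type loopback
        set ip 203.0.113.10 255.255.255.255
        set allowaccess ping
    next
end

# Step 2 (pyy's suggestion): pin self-originated FortiGuard and DNS traffic to
# that public address instead of the interface's private one.
# Prefix with "config global" if VDOMs are enabled.
config system fortiguard
    set source-ip 203.0.113.10
end
config system dns
    set source-ip 203.0.113.10
end
# The same knob exists for other self-originated services, e.g. NTP:
config system ntp
    set source-ip 203.0.113.10
end

# Step 3 (emnoc's suggestion): permit loopback -> wan1 for the update traffic.
# "edit 0" lets the CLI assign the next free policy ID.
config firewall policy
    edit 0
        set name "self-originated-to-internet"
        set srcintf "lo-public"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

    Two things to check before trusting this. First, the router in front of the FortiGate must have a route for 203.0.113.10 pointing at the FortiGate's private wan1 address, otherwise replies never come back. Second, test the path from the unit itself with `execute ping-options source 203.0.113.10` followed by `execute ping service.fortiguard.net`, and watch `diagnose debug rating` to confirm the update servers are reachable with the new source; the policy's `logtraffic all` lets you verify in the forward traffic log which source address the self-originated sessions actually use.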

    sw2090
    SuperUser
    September 6, 2018

    This might mean that traffic going out from your fortigate itself does, for whatever reason, not get NATted, neither by your fortigate nor by the router that is in front of it. Then and only then could traffic go out to the Internet with that source IP.