FG-PioneerClient
New Member
March 11, 2013
Question

How to View the Real Source IP?

I am using a VIP for an internal web server. The problem is that the web logs show the source IP of the users accessing the web as the FG's internal interface IP. Is there a way to configure the FG to pass the real source IP address?

    11 replies

    romanr
    New Member
    March 11, 2013
    Your "wan -> internal" policy seems to have NAT enabled, which is not needed there. So you nat the external clients behind your internal firewall IP... The VIP configuration handles the destination NAT itself. br, Roman
    FG-PioneerClient
    New Member
    March 11, 2013
    Roman, I don't have NAT enabled on the policy, because the NAT is already done by the VIP. Thanks, Shamsan
    rwpatterson
    New Member
    March 11, 2013
    What IP address is your server seeing? If it's the inside address of the Fortigate unit, then NAT is enabled. If it's something else, look to that device for NAT enabled.
    FG-PioneerClient
    New Member
    March 12, 2013
    If you meant the Operation Mode, yes, it is NAT. I am trying to configure the FG to pass the real source IP it receives, which I am seeing in the Traffic Log.
    ede_pfau
    SuperUser
    March 12, 2013
    We could help you more if you gave more information. Please post the VIP definition and the policy it is used in. Copy&paste from the console window:

        config firewall vip
            show
        config firewall policy
            edit <n>
                show
    FG-PioneerClient
    New Member
    March 12, 2013
    Sure, here you go:

        config firewall vip
        show
            edit "HTTP"
                set extip 10.10.10.10
                set extintf "port26"
                set portforward enable
                set mappedip 1.1.1.1
                set extport 80
                set mappedport 80
            next

        config firewall policy
        edit <n>
        show
        config firewall policy
            edit 1000
                set srcintf "port26"
                set dstintf "port25"
                set srcaddr "all"
                set dstaddr "HTTP"
                set action accept
                set schedule "always"
                set service "HTTP"
                set logtraffic enable
                set logtraffic-app disable
            next
        end
    emnoc
    New Member
    March 12, 2013
    What might also be beneficial is a snippet of your weblogs, and an example or clue as to what src-address is being logged in your weblog using the configuration you're providing. In the VIP you're showing, I typically don't use port-forwarding but map the VIP in a fashion like the following when dealing with web services:

        edit "VIP_38_xx7_8x_35-web02"
            set extip 38.xx7.8x.35
            set extintf "EXT_NET01"
            set mappedip 10.10.100.31
        next

    Maybe the behavior of a mapped IP address that's portforward vs. non-portforward is different.
    FG-PioneerClient
    New Member
    March 12, 2013
    Actually the weblog is just showing the internal interface of the FG, which is the gateway of the web server.. I have tried removing Port Forwarding but still the same ..
    GusTech
    New Member
    March 12, 2013
    I'm not sure, but if you have disabled all NAT, try to remove extip or set 0.0.0.0
    rwpatterson
    New Member
    March 12, 2013
    Which firmware level?
    FG-PioneerClient
    New Member
    March 12, 2013
    BrUz, what do you mean exactly by "Try to remove extip or set 0.0.0.0"? What should I enter as commands? THANKS
    FG-PioneerClient
    New Member
    March 12, 2013
    The firmware is: v4.0, build0535, 120511 (MR3 Patch 7)
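
Added example, not part of the thread: a Python check for the condition romanr and rwpatterson describe, a policy whose dstaddr is a VIP while NAT is also enabled on it, which makes the web server log the firewall's address instead of the client's. The input is constructed in the shape of the posted output; policy 1001, the function names, and the assumption that a missing `set nat` line means NAT is off are not from the thread.

```python
import shlex

# Constructed input in the shape of the `show` output posted in the thread.
# Policy 1001 and its "set nat enable" line are constructed for contrast.
SAMPLE = """\
config firewall vip
    edit "HTTP"
        set extip 10.10.10.10
        set mappedip 1.1.1.1
    next
end
config firewall policy
    edit 1000
        set srcintf "port26"
        set dstaddr "HTTP"
    next
    edit 1001
        set srcintf "port26"
        set dstaddr "HTTP"
        set nat enable
    next
end
"""


def parse_sections(text):
    """Parse FortiOS-style text into {section: {entry: {key: [values]}}}."""
    sections, section, entry = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            section = sections.setdefault(line[7:], {})
        elif line.startswith("edit ") and section is not None:
            entry = section.setdefault(line[5:].strip('"'), {})
        elif line.startswith("set ") and entry is not None:
            key, *values = shlex.split(line[4:])
            entry[key] = values
        elif line in ("next", "end"):
            entry = None
    return sections


def vip_policies_with_snat(text):
    """Return IDs of policies that point at a VIP and also enable source NAT."""
    cfg = parse_sections(text)
    vips = set(cfg.get("firewall vip", {}))
    # Assumption: no "set nat" line means NAT is off, since `show` omits defaults.
    return [pid for pid, pol in cfg.get("firewall policy", {}).items()
            if vips & set(pol.get("dstaddr", [])) and pol.get("nat") == ["enable"]]
```

Running `vip_policies_with_snat` over a saved copy of the two `show` outputs lists the policy IDs to review; an empty list means the source rewrite is happening somewhere other than these policies.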