Local traffic not using the right source IP

Forum|Forum|5 years ago
February 3, 2021
1 reply
3791 views

Hello all,

I try to configure tacacs+ authentication but the the local tacacs traffic leaving the forti does not have the correct source IP.

To leave the forti it uses the source IP address of the outgoing interface which is wrong. I would like it to have the source Ip of the management interface mgmt1.

Forward traffic is using the same outgoing interface but with the correct source IP which are not the ip of this interface.

I did snmp config which is correclty using mgmt1 source ip.

I have only one vdom activated which is root and includes all physical interfaces.

In the tacacs config I tryed to set source-ip with mgmt1 IP but I get an error saying node_check_object_fail for source ip.

The only difference I see between snmp and tacacs config is where you do it: snmp is done globally, tacacs was don in the vdom root. mgmt1 interface in menu Network>Interface has no vdom whereas all the other have. There is no gui entry to change mgmt1 vdom.

Help would be apreciated to have tacacs traffic with the right source IP.

THank you.

Patel

New Member

Hello,

Please use the following commands in the CLI of the FortiGate to change the source IP:

config user tacacs+

edit <Name>

set source-ip <Source IP>

Let us know if that works or not.

Regards,

Patel

John2010Author

New Member

Hi Patel,

This is exactly what I tryed, putting source IP the IP of the mgmt1 interface: 10.35.x.x

But I got an error:

10.35.x.x is not valid source ip.

node_check_object_fail! for source-ip 10.35.x.x

value parse error before '10.35.x.x'

Command fail. Return code -0

Running FortiOS v6.0.4 build 231 on a cluster of two 3000D

Thank you.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded