valter
New Member
November 2, 2017
Solved

Traffic from Fortigate through VPN

  • November 2, 2017
  • 1 reply
  • 4417 views

Hello. I need to link the FortiGate with the FortiAuthenticator through VPN. I created a site-to-site tunnel, everything works, hosts communicate between sites, but the FortiGate sends its local traffic from the WAN interface (public address). What should I do to connect the FortiGate and FortiAuthenticator?

The tunnels are in policy mode. diagnose debug flow:

id=20085 trace_id=398 func=ipsec_output_finish line=525 msg="send to public_address_site1 via intf-port10"
id=20085 trace_id=399 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=6, public_address_site1:7158->local_address_site2:8000) from local. flag [S ], seq 1012248423, ack 0, win 13980"
id=20085 trace_id=399 func=init_ip_session_common line=5519 msg="allocate a new session-00021e79"
id=20085 trace_id=399 func=ipsecdev_hard_start_xmit line=178 msg="enter IPsec interface-vpn_interface_name"
id=20085 trace_id=399 func=esp_output4 line=891 msg="IPsec encrypt/auth

Best answer by tanr

1 reply

tanr (Answer)
New Member
November 2, 2017

Under 5.4.x at least: after you have made the changes under Log Settings to send logs to the FortiAnalyzer IP (it won't connect successfully yet), then from the CLI:

config log fortianalyzer setting
    set source-ip <FortiGate Internal IP>
end

You'll need to have your routes and security policies defined to allow this.

valter (Author)
New Member
November 3, 2017

Thanks

I found this option:

config user fsso
    edit "NAME"
        set server "xx.xx.xx.xx"
        set source-ip xx.xx.xx.xx
    next
end

tanr
New Member
November 3, 2017

Ah, sorry, misread FortiAuthenticator as FortiAnalyzer. Looks like you found the solution anyway!
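As an added example (not part of the thread), here is a small Python checker for `diagnose debug flow` output of the shape quoted in the question: it groups lines by trace_id and, for every locally generated flow to the FSSO port 8000, reports whether the packet is sourced from the FortiGate's internal IP and enters an IPsec interface, which is how you would confirm that the `set source-ip` fix took effect. The sample log, the RFC 5737 addresses and the interface name `site2_vpn` are constructed; the real output uses your own addresses and tunnel name.

```python
import re
from collections import defaultdict

# Patterns for the three "diagnose debug flow" messages quoted in the question.
PKT_RE = re.compile(r'trace_id=(\d+).*?received a packet\(proto=\d+, '
                    r'([\w.]+):\d+->([\w.]+):(\d+)\) from (\w+)\.')
IPSEC_RE = re.compile(r'trace_id=(\d+).*?enter IPsec interface-([\w.-]+)')
SEND_RE = re.compile(r'trace_id=(\d+).*?send to [\w.]+ via intf-([\w.-]+)')

# Constructed sample: trace 399 = symptom from the question, 412 = after the fix, 405 = unrelated.
SAMPLE_LOG = """\
id=20085 trace_id=399 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=6, 203.0.113.10:7158->10.2.2.20:8000) from local. flag [S ], seq 1012248423, ack 0, win 13980"
id=20085 trace_id=399 func=ipsecdev_hard_start_xmit line=178 msg="enter IPsec interface-site2_vpn"
id=20085 trace_id=399 func=ipsec_output_finish line=525 msg="send to 198.51.100.1 via intf-port10"
id=20085 trace_id=405 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=17, 10.1.1.1:40112->10.1.1.53:53) from local."
id=20085 trace_id=412 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=6, 10.1.1.1:7200->10.2.2.20:8000) from local. flag [S ], seq 88123, ack 0, win 13980"
id=20085 trace_id=412 func=ipsecdev_hard_start_xmit line=178 msg="enter IPsec interface-site2_vpn"
id=20085 trace_id=412 func=ipsec_output_finish line=525 msg="send to 198.51.100.1 via intf-port10"
"""

def parse_flows(log_text):
    """Group debug-flow lines by trace_id into one record per packet."""
    flows = defaultdict(dict)
    for line in log_text.splitlines():
        if m := PKT_RE.search(line):
            flows[m[1]].update(src=m[2], dst=m[3], dport=int(m[4]), origin=m[5])
        elif m := IPSEC_RE.search(line):
            flows[m[1]]["ipsec_iface"] = m[2]
        elif m := SEND_RE.search(line):
            flows[m[1]]["egress_iface"] = m[2]
    return dict(flows)

def audit_fsso_source(log_text, internal_ip, fsso_port=8000):
    """Verdict per local flow to the FSSO port: "OK" only if sourced from internal_ip and entering IPsec."""
    verdicts = {}
    for tid, f in parse_flows(log_text).items():
        if f.get("origin") != "local" or f.get("dport") != fsso_port:
            continue
        problems = []
        if f["src"] != internal_ip:
            problems.append(f"sourced from {f['src']} instead of {internal_ip}")
        if "ipsec_iface" not in f:
            problems.append(f"did not enter IPsec (egress {f.get('egress_iface')})")
        verdicts[tid] = "OK" if not problems else "; ".join(problems)
    return verdicts

if __name__ == "__main__":
    for tid, verdict in audit_fsso_source(SAMPLE_LOG, "10.1.1.1").items():
        print(f"trace {tid}: {verdict}")
```

The "send to ... via intf-port10" line is expected even after the fix, since the ESP packet still leaves through the WAN interface; what changes is the inner source address.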