Soufian
New Member
October 5, 2022
Question

Traffic that originates from the FortiGate going out to Google DNS

  • October 5, 2022
  • 4 replies
  • 3427 views

I need help please: I have a FortiGate 601E, firmware v6.2.3. My problem is that the traffic that comes from the FortiGate is going outside to the Google DNS using the point-to-point interface IP address. For more security I want to use the NAT service for this type of traffic. I can't find how. Can someone help me please?

4 replies

AEK
SuperUser
October 5, 2022

Hi Soufian

You can specify on the CLI the source interface & IP that is used when sending DNS requests.

config system dns
set source-ip x.x.x.x
end

AEK
Soufian (Author)
New Member
October 5, 2022

My FortiGate sends traffic with a source IP of the interface which is connected to the WAN. I want to do a NAT for this source IP address.

Example of source IP address:
source IP 195.12.5.3. I want to make, for this address that is used for local FortiGate traffic, a NAT to hide it.

Thanks

AEK
SuperUser
October 5, 2022

Hi Soufian

I don't know a way to NAT the FGT's self-generated traffic like we can do on PAN.

The only way to do it in your case is "set source-ip" in the DNS config, as explained already.

AEK
Debbie_FTNT
Staff & Editor
October 5, 2022

Hey Soufian,

You can define source IPs in FortiGate for traffic that it generates and sends itself.

For example, for DNS traffic:

config system dns
set source-ip <IP>
end

This causes the FortiGate to send out traffic with the specified source IP to the external DNS servers when it needs to do a DNS lookup.

You can set source IPs via CLI for a lot of config items; you would need to know why the FortiGate speaks to Google DNS (DNS server settings, link-health-monitors, etc.) and set source IPs in the corresponding CLI config.

Soufian (Author)
New Member
October 11, 2022

Thanks so much :D it works :D

Debbie_FTNT
Staff & Editor
October 12, 2022

Great to hear :)

JollyJohn
New Member
January 24, 2025

EDIT - The issue was an old FortiManager that thought it was managing the box. I deleted that, and the config stays.

I've used set source-ip to solve this problem for other Fortinet services (FortiAnalyzer, etc...), and it works well - BUT - when I try it on DNS, it works for about 60 seconds, then the source IP reverts to 0.0.0.0 (unset), and the traffic goes back to the interface IP, causing the service to stop. Does anyone have a suggestion on why the IP would change for 60 seconds and then change back?


Firmware: v7.4.6 build2726 (Mature)

Divide by cucumber - LOL!
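As an added example (not code from this thread or from Fortinet), a small Python audit that parses FortiOS-style `show` output, reports which self-originated-traffic blocks have `source-ip` pinned as Debbie_FTNT describes, and diffs two snapshots to catch the kind of silent reversion to 0.0.0.0 that JollyJohn ran into. The config text is constructed, and the non-DNS config paths listed are assumptions of this example.

```python
# Constructed FortiOS-style 'show' output (not from a real device).
SAMPLE_CONFIG = """\
config system dns
    set primary 8.8.8.8
    set source-ip 10.0.0.2
end
config log fortianalyzer setting
    set status enable
    set source-ip 0.0.0.0
end
config system ntp
    set ntpsync enable
end
"""

# Config paths for FortiGate self-originated traffic that accept 'set source-ip'.
# 'system dns' is from the thread; the other two paths are assumptions of this example.
SELF_ORIGINATED_PATHS = ("system dns", "system ntp", "log fortianalyzer setting")

def parse_fortios_config(text):
    """Parse config/edit/set/next/end lines into {path: {key: value}}."""
    result, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("config ", "edit ")):
            stack.append(line.split(" ", 1)[1].strip('"'))
            result.setdefault("/".join(stack), {})
        elif line.startswith("set ") and stack:
            key, _, value = line[4:].partition(" ")
            result["/".join(stack)][key] = value.strip('"')
        elif line in ("next", "end") and stack:
            stack.pop()
    return result

def audit_source_ips(text):
    """Per self-originated block present, the pinned source-ip or 'UNSET'."""
    cfg = parse_fortios_config(text)
    findings = {}
    for path in SELF_ORIGINATED_PATHS:
        if path in cfg:
            ip = cfg[path].get("source-ip", "0.0.0.0")  # unset shows as 0.0.0.0
            findings[path] = "UNSET" if ip == "0.0.0.0" else ip
    return findings

def source_ip_drift(before, after):
    """Paths whose source-ip changed between two snapshots (e.g. reverted by a manager)."""
    a, b = audit_source_ips(before), audit_source_ips(after)
    return {p: (a[p], b.get(p, "UNSET")) for p in a if a[p] != b.get(p, "UNSET")}
```

Run `audit_source_ips` on a fresh `show` dump after every push from FortiManager, and `source_ip_drift` against the previous dump, to see at once whether a pinned source-ip has been quietly reset.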