FOrtiBen
New Member
March 30, 2019
Question

VIP source address question

  • March 30, 2019
  • 2 replies
  • 3794 views

Hi,

I have configured a VIP (1:1 NAT) to allow external SFTP access from the internet to our server. The connection works, but why is the source address logged on the FTP server the internal LAN IP address of the FortiGate instead of the actual source address of the SFTP client? Is this normal behaviour for the FortiGate? Is there a way to force the FortiGate not to replace the original source address?

Thanks in advance.

2 replies

Markus
New Member
March 30, 2019

Hi, and welcome to the forums. I assume you have NAT enabled. Just disable NAT on the policy. Best

ede_pfau
SuperUser
March 30, 2019

The NAT checkbox in the policy setup enforces source NAT to the address of the outbound interface. You only want to use VIP for destination NAT.

FOrtiBen (Author)
New Member
April 1, 2019

Thank you all. Unticking the NAT box on the policy works.
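
The fix from this thread in FortiOS CLI form, as an added example that is not part of the original posts: a 1:1 VIP doing destination NAT only, with source NAT switched off on the inbound policy so the server logs the real client address. The object names, policy ID, interface names and addresses are constructed assumptions.

```fortios
# Constructed example: names, policy ID, interfaces and addresses are assumptions.

# Destination NAT: public address mapped 1:1 to the internal SFTP server.
config firewall vip
    edit "vip-sftp"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.0.0.20"
    next
end

# Inbound policy that references the VIP as its destination.
# With "set nat enable" (the NAT checkbox ticked), the FortiGate also applies
# source NAT to the address of the outbound interface, so the server sees
# the FortiGate's internal IP as the client.
# With "set nat disable", only the VIP's destination NAT is applied and the
# original client source address reaches the server and its logs.
config firewall policy
    edit 10
        set name "inbound-sftp"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vip-sftp"
        set action accept
        set schedule "always"
        set service "SSH"
        set logtraffic all
        set nat disable
    next
end
```

With source NAT off, the server's replies go to the client's public address, so the server's return route has to lead back through the FortiGate.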