FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jasri
Staff
Staff
Description
This article describes how to enable multiple outgoing IP for explicit web-proxy.

Solution
In order to configure multiple outgoing IP for explicit web-proxy, you need to configure the secondary IP in the external interface for outgoing traffic.

1. Configure multiple secondary IP:
config system interface
    edit "port1"
        set vdom "root"
        set ip 10.1.1.73 255.255.252.0
        set allowaccess ping https ssh http telnet
        set type physical
        set snmp-index 1
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 10.1.0.214 255.255.252.0
            next
            edit 2
                set ip 10.1.0.215 255.255.252.0
            next
        end
    next
end
2. Enable multiple outgoing IP address in explicit webproxy setting:
config web-proxy explicit
    set status enable
    set http-incoming-port 8080
    set outgoing-ip 10.1.0.214 10.1.0.215
end

3. Run sniffer command to verify if both IP are being used for outgoing traffic:
diag sniffer packet port1 ‘host 10.1.0.214’ 4 0 l
diag sniffer packet port1 ‘host 10.1.0.215’ 4 0 l

Contributors