Description
This article describes how to control/change the FortiGate source IP for self-generated traffic.
At times, when a FortiGate is placed behind another router or firewall, that upstream device accepts traffic only from a specific IP address.
In some cases, a private IP may be configured on the FortiGate WAN interface because there is an upstream device.
Scope
FortiGate.
Solution
By default, the source IP is the IP address of the FortiGate egress interface.
For FortiGuard Services:
config system fortiguard
    set port 8888
    set source-ip 0.0.0.0 <- Set the desired IP allowed in upstream.
    set source-ip6 ::
end
For DNS Service:
config system dns
    set primary 208.91.112.53
    set secondary 208.91.112.52
    set source-ip 0.0.0.0 <- Set the desired IP allowed in upstream.
end
For a RADIUS server, when the servers are located in a remote location and reachable through an IPSec tunnel:
config user radius
    edit "server_name"
        set source-ip 0.0.0.0 <- Set the desired IP allowed in upstream.
    next
end
For an LDAP server, when the servers are located in a remote location and reachable through an IPSec tunnel:
config user ldap
    edit "server_name"
        set source-ip 0.0.0.0 <- Set the desired IP allowed in upstream.
    next
end
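To verify the settings above across a whole configuration backup, the following Python script reports, for each of the four sections in this article, whether source-ip matches the address the upstream device allows. It is an added example, not part of the original article and not a Fortinet tool; the function name, the constructed sample configuration and the allowed address 10.10.10.1 are assumptions made for illustration.

```python
import ipaddress

# Sections covered by this article (hypothetical audit helper).
SECTIONS = {"system fortiguard", "system dns", "user radius", "user ldap"}

# Constructed sample backup; all names and addresses are placeholders.
SAMPLE = """\
config system fortiguard
    set source-ip 10.10.10.1
end
config system dns
    set primary 208.91.112.53
end
config user radius
    edit "rad1"
        set source-ip 172.16.0.5
    next
    edit "rad2"
        set server "192.0.2.11"
    next
end
"""

def audit_source_ip(config_text, allowed_ip):
    """Map (section, entry) to 'ok', 'mismatch' or 'unset' (egress IP is used)."""
    allowed = ipaddress.ip_address(allowed_ip)
    results, stack, entry = {}, [], None
    for raw in config_text.splitlines():
        keyword, _, rest = raw.strip().partition(" ")
        if keyword == "config":
            stack.append(rest)
        elif keyword == "end" and stack:
            stack.pop()
            entry = entry if stack else None  # table closed without "next"
        elif len(stack) != 1 or stack[0] not in SECTIONS:
            continue  # nested block, or a section outside this article
        elif keyword == "edit":
            entry = rest.strip('"')
            results[(stack[0], entry)] = "unset"
        elif keyword == "next":
            entry = None
        elif keyword == "set":
            key = (stack[0], entry)
            results.setdefault(key, "unset")
            name, _, value = rest.partition(" ")
            if name == "source-ip" and value != "0.0.0.0":
                same = ipaddress.ip_address(value.strip('"')) == allowed
                results[key] = "ok" if same else "mismatch"
    return results
```

Calling audit_source_ip(SAMPLE, "10.10.10.1") returns one status per section or table entry; an "unset" result means the FortiGate will use the egress interface IP for that service.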
Related articles:
Technical Tip: How to control/change the FortiGate source IP for self-originating traffic : SNMP , S....