FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nsubramanian
Staff
Article Id 194903

Description

 
This article describes how to control/change the FortiGate source IP for self-generated traffic.
 
At times, an upstream device (for example, when the FortiGate is placed behind another router or firewall) accepts traffic only from a specific IP address.
In some cases, the FortiGate WAN interface is configured with a private IP because there is an upstream device.
 
Scope
 
FortiGate.


Solution

 

By default, the source IP is the one from the FortiGate egress interface.
 
For FortiGuard services:
 
config system fortiguard
    set port 8888
    set source-ip 0.0.0.0     <- Set the desired IP allowed by the upstream device.
    set source-ip6 ::
end
 
For DNS Service:
 
config system dns
    set primary 208.91.112.53
    set secondary 208.91.112.52
    set source-ip 0.0.0.0     <- Set the desired IP allowed by the upstream device.
end
 
For a RADIUS server when the servers are located in a remote location and reachable through an IPsec tunnel:
 
config user radius
    edit "server_name"
        set source-ip 0.0.0.0     <- Set the desired IP allowed by the upstream device.
    next
end
 
For an LDAP server when the servers are located in a remote location and reachable through an IPsec tunnel:
 
config user ldap
    edit "server_name"
        set source-ip 0.0.0.0     <- Set the desired IP allowed by the upstream device.
    next
end
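 
To check which of these services still use the default, the added example below (not part of the original article and not a Fortinet tool) parses a plain-text FortiGate configuration and lists the entries in the four sections above whose source-ip is unset or 0.0.0.0. It assumes a configuration without VDOMs and treats a missing "set source-ip" line as the default, since "show" output omits settings left at their default; the function names and the sample configuration are constructed for illustration.

```python
SINGLETON = {"system fortiguard", "system dns"}  # one settings block each
TABLE = {"user radius", "user ldap"}             # one entry per "edit"
DEFAULT = "0.0.0.0"  # unset: traffic leaves with the egress interface IP

def audit_source_ip(config_text):
    """Map (section, entry) -> source-ip; an absent setting means DEFAULT."""
    found, stack, entry = {}, [], None
    for raw in config_text.splitlines():
        word, _, rest = " ".join(raw.split()).partition(" ")
        if word == "config":
            stack.append(rest)
            if rest in SINGLETON:
                found[(rest, "")] = DEFAULT
        elif word == "end":  # only a table's own "end" closes its entry
            if stack and stack.pop() in TABLE:
                entry = None
        elif word == "edit" and stack and stack[-1] in TABLE:
            entry = rest.strip('"')
            found[(stack[-1], entry)] = DEFAULT
        elif word == "set" and stack and rest.startswith("source-ip "):
            # The trailing space keeps source-ip6 out of the match.
            key = (stack[-1], "" if stack[-1] in SINGLETON else entry)
            if key in found:
                found[key] = rest.split()[1]
    return found

def using_default(config_text):
    """Entries whose self-generated traffic still uses the egress IP."""
    return sorted(k for k, ip in audit_source_ip(config_text).items() if ip == DEFAULT)

# Constructed sample with documentation addresses, not a real backup.
SAMPLE = """\
config system fortiguard
    set source-ip 192.0.2.10
    set source-ip6 ::
end
config system dns
    set primary 208.91.112.53
end
config user radius
    edit "server_name"
        set source-ip 192.0.2.10
    next
end
config user ldap
    edit "server_name"
        set server "198.51.100.21"
    next
end
"""
```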

 

Related articles:

Technical Tip: How to control/change the FortiGate source IP for self-originating traffic : SNMP , S....