nithincs
Staff
Article Id 194396

Description
This article provides the commands to check where the 'source-ip' option is used in the overall FortiGate configuration for FortiGate self-generated traffic.

Solution
On a FortiGate, it is possible to set the 'source-ip' that the FortiGate uses to communicate with the respective server for the following configurations/services.

# config system fortiguard
# config system email-server
# config system snmp user
# config system dns

Use the command below to see which services are set to use 'source-ip'.

Syntax.

# get system source-ip status

Example output.

# get system source-ip status

The following services force their communication to use a specific source IP address:

service=NTP source-ip=10.40.16.20
service=DNS source-ip=172.31.128.20
service=Fortiguard source-ip=172.31.128.20
service=Alert Email source-ip=172.31.128.20
=======finished getting system source-ip status=======


Use the commands below to check the use of 'source-ip' in the different service configurations.

To print the total number of 'source-ip' occurrences in the overall configuration, use the command below:

# show | grep -c "source-ip"
5                           <-----

To fetch the settings where 'source-ip' is used, use the command below:

# show | grep -n -B5 "source-ip"

192-config system netflow
193-    set collector-ip 1.1.1.1
194-    set collector-port 333
195:    set source-ip 10.40.16.20
--
1987-config system cluster-sync
1988-end
1989-config system fortiguard
1990-    set update-server-location usa
1991-    set sdns-server-ip "208.91.112.220"
1992:    set source-ip 172.31.128.20
1993-end
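
The same check can be run offline against a saved configuration backup. The following is an added example, not part of the original article and not Fortinet code: it tracks the config/edit nesting so each 'source-ip' is reported with its full section path, even when the section header sits more than five lines above the setting (where 'grep -B5' cuts it off). The function name find_setting and the sample configuration are assumptions constructed for illustration.

```python
# Constructed sample config (not from a real device), modelled on the article's output.
SAMPLE_CONFIG = '''\
config system netflow
    set collector-ip 1.1.1.1
    set collector-port 333
    set source-ip 10.40.16.20
end
config system replacemsg admin "pre_admin-disclaimer-text"
    set buffer "Authorized use only
end
"
end
config system fortiguard
    set update-server-location usa
    set source-ip 172.31.128.20
end
config system snmp user
    edit "monitor"
        set security-level auth-priv
        set queries enable
        set query-port 161
        set notify-hosts 192.0.2.10
        set events cpu-high mem-low
        set source-ip 172.31.128.20
    next
end
'''

def find_setting(config_text, key="source-ip"):
    """Return (line_no, section_path, value) for each 'set <key> <value>' line."""
    stack, hits, in_quote = [], [], False
    for no, raw in enumerate(config_text.splitlines(), 1):
        odd_quotes = raw.replace('\\"', '').count('"') % 2 == 1
        if in_quote:                      # inside a multi-line quoted value
            in_quote = not odd_quotes     # an odd quote count closes the value
            continue                      # never parse value text as commands
        in_quote = odd_quotes             # this line opens a multi-line value
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[7:])
        elif line.startswith("edit "):
            stack.append("edit " + line[5:].strip('"'))
        elif line in ("end", "next") and stack:
            stack.pop()
        elif line.startswith(f"set {key} "):
            hits.append((no, " > ".join(stack), line.split(None, 2)[2].strip('"')))
    return hits

if __name__ == "__main__":
    for no, path, value in find_setting(SAMPLE_CONFIG):
        print(f"line {no}: {path}: source-ip={value}")
```

Comparing the reported addresses against the interfaces that actually own them helps spot a service pinned to an address that no longer exists on the device.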