Created on 10-16-2020 06:07 AM Edited on 02-05-2024 01:05 AM By Jean-Philippe_P
Description
This article provides the command to check the use of 'source-ip' option in the overall FortiGate configuration for FortiGate self-generated traffic.
Solution
In FortiGate, it is possible set the 'source-ip' to be used by the FortiGate to communicate with respective server for below configurations/services.
# config system fortiguard
# config system email-server
# onfig system snmp user
# config system dns
Use below command to see which services is set to use 'source-ip'.
Syntax.
# get system source-ip status
Example output.
# get system source-ip status
The following services force their communication to use a specific source IP address:
service=NTP source-ip=10.40.16.20
service=DNS source-ip=172.31.128.20
service=Fortiguard source-ip=172.31.128.20
service=Alert Email source-ip=172.31.128.20
=======finished getting system source-ip status=======
Use below command to check the use of' source-i'p in the different services configuration
To print the total number of 'source-ip' usage in the overall configuration , use below command:
# show | grep -c "source-ip"
5 <-----
To fetch the setting where source-ip is used, use below command:
# show | grep -n -B5 "source-ip"
192-config system netflow
193- set collector-ip 1.1.1.1
194- set collector-port 333
195: set source-ip 10.40.16.20
--
1987-config system cluster-sync
1988-end
1989-config system fortiguard
1990- set update-server-location usa
1991- set sdns-server-ip "208.91.112.220"
1992: set source-ip 172.31.128.20
1993-end
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.