Description
This article provides the command to check the use of 'source-ip' option in the overall FortiGate configuration for FortiGate self-generated traffic.
Solution
In FortiGate, it is possible set the 'source-ip' to be used by the FortiGate to communicate with respective server for below configurations/services.
# config system fortiguard
# config system email-server
# onfig system snmp user
# config system dns
Use below command to see which services is set to use 'source-ip'.
Syntax.
# get system source-ip status
Example output.
# get system source-ip status
The following services force their communication to use a specific source IP address:
service=NTP source-ip=10.40.16.20
service=DNS source-ip=172.31.128.20
service=Fortiguard source-ip=172.31.128.20
service=Alert Email source-ip=172.31.128.20
=======finished getting system source-ip status=======
Use below command to check the use of' source-i'p in the different services configuration
To print the total number of 'source-ip' usage in the overall configuration , use below command:
# show | grep -c "source-ip"
5 <-----
To fetch the setting where source-ip is used, use below command:
# show | grep -n -B5 "source-ip"
192-config system netflow
193- set collector-ip 1.1.1.1
194- set collector-port 333
195: set source-ip 10.40.16.20
--
1987-config system cluster-sync
1988-end
1989-config system fortiguard
1990- set update-server-location usa
1991- set sdns-server-ip "208.91.112.220"
1992: set source-ip 172.31.128.20
1993-end
