FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 194396

This article provides the command to check the use of 'source-ip' option in the overall FortiGate configuration for FortiGate self-generated traffic.

In FortiGate, it is possible set the 'source-ip' to be used by the FortiGate to communicate with respective server for below configurations/services.

# config system fortiguard
# config system email-server
# onfig system snmp user
# config system dns

Use below command to see which services is set to use 'source-ip'.


# get system source-ip status

Example output.

# get system source-ip status

The following services force their communication to use a specific source IP address:

service=NTP source-ip=
service=DNS source-ip=
service=Fortiguard source-ip=
service=Alert Email source-ip=
=======finished getting system source-ip status=======

Use below command to check the use of' source-i'p in the different services configuration

To print the total number of 'source-ip' usage in the overall configuration , use below command:

# show | grep -c "source-ip"
5                           <-----

To fetch the setting where source-ip is used, use below command:

# show | grep -n -B5 "source-ip"

192-config system netflow
193-    set collector-ip
194-    set collector-port 333
195:    set source-ip
1987-config system cluster-sync
1989-config system fortiguard
1990-    set update-server-location usa
1991-    set sdns-server-ip ""
1992:    set source-ip