Article Id 193084


For self-originating traffic (ping, backup, SNMP) sent through a VPN, when source-ip is not configured, FortiGate will use the IP from the egress interface (the interface with the lowest index shown in "diagnose ip address list"), as described here:


This article describes how to configure an IP address on an IPSec tunnel interface.

It also applies to automatic configuration backup when sent over an IPSec tunnel to a remote location:

Technical Tip: How to take backup from CLI using secure FTP (SFTP) protocol


To be sure which source IP FortiGate will use for self-originating traffic, configure an IP address on the IPSec interface.

# config system interface
    edit "Dial"
        set vdom "root"
        set ip <tunnel-ip> <netmask>
        set allowaccess ping
        set type tunnel
        set snmp-index 12
        set interface "wan1"
    next
end
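
One way to confirm the result, as an added example that is not part of the original article: capture on the tunnel interface in one CLI session while pinging from a second, and check that the echo requests carry the address configured on "Dial". `<remote-host-ip>` is a placeholder for a host behind the remote peer, and lines beginning with `#` are comments, not prompts.

```fortios
# Session 1: capture ICMP on the tunnel interface from the config above.
# Verbosity 4 prints the interface name with each packet; stop after 10 packets.
diagnose sniffer packet Dial 'icmp' 4 10

# Session 2: confirm the new address is listed against the tunnel interface.
diagnose ip address list

# Session 2: leave source selection automatic, so the ping shows which
# address FortiGate picks on its own, then ping across the tunnel.
# <remote-host-ip> is a placeholder (assumption, not from the article).
execute ping-options source auto
execute ping <remote-host-ip>
```

If the capture still shows a different source address, the self-originating traffic is not leaving through the tunnel interface and the routing toward the remote network should be checked.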
