Created on 12-13-2020 11:29 PM Edited on 03-21-2022 03:22 AM By Anthony_E
Description
For self-originating (ping, backup, SNMP) traffic through a VPN, when source-ip is not configured, FortiGate will use the IP from the egress interface (the interface with the lowest index shown in "diagnose ip address list"), as described here:
This article describes how to configure an IP address on an IPSec tunnel interface.
It also applies to automatic configuration backups sent over an IPSec tunnel to a remote location:
Technical Tip: How to take backup from CLI using secure FTP (SFTP) protocol
Solution
To control which source IP FortiGate uses for self-originating traffic, configure an IP address on the IPSec interface.
# config system interface
    edit "Dial"
        set vdom "root"
        set ip 172.26.138.69 255.255.255.255
        set allowaccess ping
        set type tunnel
        set snmp-index 12
        set interface "wan1"
    next
end
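An added check, not part of the original article or any Fortinet tool: this Python function scans a saved configuration for "type tunnel" interfaces that have no "set ip", which are the tunnels where the source of self-originating traffic is left to the default selection. The function name and the sample configuration are constructed for illustration, and it assumes an unset IP appears as a missing "set ip" line or as 0.0.0.0.

```python
import shlex

# Constructed sample in the article's layout; not taken from a real device.
SAMPLE_CONFIG = """
config system interface
    edit "wan1"
        set ip 198.51.100.2 255.255.255.0
        set type physical
    next
    edit "Dial"
        set ip 172.26.138.69 255.255.255.255
        set type tunnel
    next
    edit "Branch"
        set type tunnel
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
"""

def tunnels_without_ip(config_text):
    """Names of 'type tunnel' interfaces with no 'set ip' (or 0.0.0.0)."""
    missing, in_section, depth = [], False, 0
    name, settings = None, {}
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw.strip().lstrip("#"))  # drop CLI prompt
        except ValueError:  # unbalanced quote in a multi-line value
            continue
        if not tokens:
            continue
        if not in_section:
            in_section = tokens == ["config", "system", "interface"]
        elif tokens[0] == "config":  # nested sub-table inside an entry
            depth += 1
        elif tokens[0] == "end":  # closes a sub-table or the whole section
            in_section, depth = depth > 0, max(depth - 1, 0)
        elif depth == 0 and tokens[0] == "edit" and len(tokens) > 1:
            name, settings = tokens[1], {}
        elif depth == 0 and tokens[0] == "set" and len(tokens) > 2:
            settings[tokens[1]] = tokens[2:]
        elif depth == 0 and tokens[0] == "next" and name is not None:
            ip = settings.get("ip", ["0.0.0.0"])[0]
            if settings.get("type") == ["tunnel"] and ip == "0.0.0.0":
                missing.append(name)
            name = None
    return missing

print(tunnels_without_ip(SAMPLE_CONFIG))
```

Each name it returns is a tunnel interface that should get an address as in the block above, or whose dependent services should have source-ip set explicitly.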