krajaa
Staff
Description
The TLS active probe needs to initiate connections from the FortiGate itself.
In transparent VDOMs that do not have the proper routing, the probe attempts will fail.

Scope
For version 6.2.6 and above, version 6.4.4 and above.

Solution
In this scenario, the outgoing interface, source IP and VDOM for the IPS TLS active probe connection can be configured manually.

CLI Commands.
config ips global
    config tls-active-probe
        set interface-select-method <auto|sdwan|specify>
        set interface <intf name>            <----- When method is 'specify'
        set vdom <vdom name>                 <----- When method is 'sdwan' or 'specify'
        set source-ip <source_ipv4>          <----- When method is 'sdwan' or 'specify'
        set source-ip6 <source_ipv6>         <----- When method is 'sdwan' or 'specify'
    end
end
set interface-select-method: Specify how to select the outgoing interface to reach the server.
    auto       <----- Set outgoing interface automatically.
    sdwan      <----- Set outgoing interface by SD-WAN or policy routing rules.
    specify    <----- Set outgoing interface manually.
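
The option dependencies noted above can be checked against a saved configuration before a probe failure shows up in production. The following is an added example, not Fortinet code: the function names are hypothetical, the backup excerpt is constructed, and treating a missing method as 'auto' is an assumption.

```python
import ipaddress

# Constructed sample: excerpt of a FortiOS config backup (values are illustrative).
SAMPLE_BACKUP = """\
config ips global
    config tls-active-probe
        set interface-select-method specify
        set vdom "transparent1"
        set source-ip 192.0.2.10
    end
end
"""

def parse_tls_active_probe(config_text):
    """Collect the 'set' options inside 'config tls-active-probe' as a dict."""
    options, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config tls-active-probe":
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                options[parts[1]] = parts[2].strip('"')
    return options

def check_probe(options):
    """Return findings for option combinations that contradict the notes above."""
    findings = []
    # Assumption: an absent method means 'auto' (backups omit default values).
    method = options.get("interface-select-method", "auto")
    if method == "specify" and "interface" not in options:
        findings.append("method 'specify' but no outgoing interface is set")
    if method != "specify" and "interface" in options:
        findings.append(f"'interface' is only used with 'specify', not '{method}'")
    for key, version in (("source-ip", 4), ("source-ip6", 6)):
        if key not in options:
            continue
        if method == "auto":
            findings.append(f"'{key}' is only used with 'sdwan' or 'specify'")
        try:
            if ipaddress.ip_address(options[key]).version != version:
                findings.append(f"'{key}' is not an IPv{version} address")
        except ValueError:
            findings.append(f"'{key}' value '{options[key]}' is not an IP address")
    return findings
```

Running check_probe(parse_tls_active_probe(SAMPLE_BACKUP)) on the sample reports the missing interface for the 'specify' method.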
