Description
This article describes how to set the source IP address used to connect to FSSO, LDAP and RADIUS when the closest interface does not have an IP address.
Scope
FortiGate.
Solution
For FSSO:
config user fsso
    edit <FSSO object name>
        set source-ip <IP address associated with an interface>
end
For LDAP:
config user ldap
    edit <LDAP object name>
        set source-ip <IP address associated with an interface>
end
For RADIUS:
config user radius
    edit <RADIUS object name>
        set source-ip <IP address associated with an interface, or the client IP configured on the RADIUS server>
end
WARNING:
This setting does not exist for local polling.
config user fsso
    edit "Local FSSO Agent"
end
Note:
The source-ip should be an IP address that is configured/assigned on an interface.
If the traffic goes over an IPsec tunnel, the source-ip should match the Local Address/Remote Address in the Phase 2 selectors on both firewalls.
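An added example, not part of the original article and not Fortinet tooling: a Python check that reads a FortiGate configuration backup and reports, for each FSSO, LDAP and RADIUS object, whether source-ip is set and whether it matches an interface IP, as the note above requires. The sample configuration, object names and addresses are constructed, and only the primary "set ip" of each interface is considered (an assumption).

```python
# Constructed sample backup; addresses come from documentation ranges.
SAMPLE = """
config system interface
    edit "loopback1"
        set ip 198.51.100.1 255.255.255.255
    next
end
config user fsso
    edit "Local FSSO Agent"
    next
    edit "fsso-dc"
        set source-ip 198.51.100.1
    next
end
config user radius
    edit "corp-radius"
        set source-ip 203.0.113.9
    next
end
"""

def audit_source_ip(text):
    """Return {(section, object): status} for FSSO, LDAP and RADIUS objects."""
    objs, section, obj, depth = {}, None, None, 0
    for line in map(str.strip, text.splitlines()):
        word, _, rest = line.partition(" ")
        if word == "config":           # nested config blocks only change depth
            depth += 1
            if depth == 1:
                section, obj = rest, None
        elif word == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and word == "edit":
            obj = objs.setdefault((section, rest.strip('"')), {})
        elif depth == 1 and word == "set" and obj is not None:
            obj[rest.split(" ", 1)[0]] = rest.partition(" ")[2]
    # Primary interface addresses: "set ip <address> <netmask>" (assumption).
    iface_ips = {s["ip"].split()[0] for (sec, _), s in objs.items()
                 if sec == "system interface" and "ip" in s}
    report = {}
    for (sec, name), s in objs.items():
        if sec not in ("user fsso", "user ldap", "user radius"):
            continue
        if name == "Local FSSO Agent":  # article: no source-ip for local polling
            report[sec, name] = "n/a"
        elif "source-ip" not in s:
            report[sec, name] = "not set"
        else:
            report[sec, name] = "ok" if s["source-ip"] in iface_ips else "not an interface IP"
    return report
```

Calling audit_source_ip(SAMPLE) marks "fsso-dc" as ok and "corp-radius" as not an interface IP, which on a real device is the case to review against the interface list or, for RADIUS, the client IP configured on the server.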