FortiGate
Serxhio
Staff
Article Id 371500
Description This article describes how FortiGate chooses the source IP for local-out traffic.
Scope FortiGate.
Solution

'Local-out traffic' is traffic originating from the FortiGate itself (self-originating traffic) and destined to external servers and services.

Examples include Syslog, FortiAnalyzer logging, FortiGuard services, remote authentication, and ping or traceroute from the FortiGate.

 

Normally, the FortiGate decides how to send this traffic based on its routing table (RIB). 

 

get router info routing-table all

 

It selects the IP of the outgoing interface as the source IP of the traffic.

 

If the interface has no IP assigned (for example, an IPsec interface), the FortiGate will choose the IP of the interface with the lowest index as the source IP. The traffic will still be forwarded by the interface selected by the routing table lookup.

 

To see the IPs assigned to the interfaces and their index numbers:

 

diag ip address list
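
The selection rule above can be checked offline against saved 'diag ip address list' output, for instance when working out which source IP a syslog or RADIUS server should allow. This is an added example, not Fortinet code: the sample lines are constructed, 'to_hq' is a hypothetical unnumbered IPsec interface, and skipping loopback entries and taking the first listed address of an interface are assumptions.

```python
import ipaddress
import re

# Constructed sample in the format printed by "diag ip address list".
SAMPLE = """\
IP=192.0.2.10->192.0.2.10/255.255.255.0 index=5 devname=wan1
IP=10.10.10.1->10.10.10.1/255.255.255.0 index=3 devname=mgmt
IP=172.16.1.1->172.16.1.1/255.255.255.0 index=7 devname=internal
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=20 devname=root
"""

LINE_RE = re.compile(
    r"IP=(?P<ip>[\d.]+)->\S+\s+index=(?P<index>\d+)\s+devname=(?P<dev>\S+)"
)


def parse_address_list(text):
    """Return (index, devname, ip) tuples for every line that parses."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ip = ipaddress.ip_address(m["ip"])
            entries.append((int(m["index"]), m["dev"], ip))
    return entries


def expected_source_ip(entries, egress_dev):
    """Model the article's rule: use the egress interface's own IP,
    otherwise the IP of the interface with the lowest index."""
    # Assumption: loopback and unspecified addresses are never candidates.
    usable = [e for e in entries
              if not e[2].is_loopback and not e[2].is_unspecified]
    own = [e for e in usable if e[1] == egress_dev]
    if own:
        return str(own[0][2]), egress_dev  # first listed address
    if not usable:
        raise ValueError("no interface address available")
    _, dev, ip = min(usable, key=lambda e: e[0])
    return str(ip), dev


if __name__ == "__main__":
    entries = parse_address_list(SAMPLE)
    for dev in ("wan1", "to_hq"):  # numbered vs. unnumbered egress
        ip, owner = expected_source_ip(entries, dev)
        print(f"egress {dev}: source IP {ip} (address of {owner})")
```

The egress interface name comes from the routing table lookup; compare the result with the source address the receiving server actually logs.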

 
