acardona
Staff
Article Id 378443
Description This article describes the behavior when using an automation stitch, where it is not possible to specify a source IP.
Scope FortiGate.
Solution

When the automation stitch executes the FTP backup and the remote server is reached through an IPsec VPN, the FortiGate uses its WAN IP as the source of the connection.

 

The following sniffer output is an example:

 

filters=[host 10.19.131.120]
10.913388 VPN_Lab out 192.168.1.10.7921 -> 10.19.131.120.222: syn 272142190
11.909013 VPN_Lab out 192.168.1.10.7921 -> 10.19.131.120.222: syn 272142190

 

By default, local-out traffic uses the IP of the interface with the lowest index value, hence the source is shown as 192.168.1.10.

 

Depending on the Phase 2 selectors or the routing at the other site, this can impact the FTP connection. To correct this, an IP address can be configured on the VPN interface.

 

config system interface
    edit "VPN_Lab"
        set vdom "root"
        set ip 172.19.1.1 255.255.255.255
        set remote-ip 172.19.1.2 255.255.255.0
        set snmp-index 9
        set interface "port1"
    next
end

 

The sniffer now shows the VPN interface IP being used as the source of the connection.

 

filters=[host 10.19.131.120]
10.913388 VPN_Lab out 172.19.1.1.7921 -> 10.19.131.120.222: syn 272142190
11.909013 VPN_Lab out 172.19.1.1.7921 -> 10.19.131.120.222: syn 272142190
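
The two captures above can be compared mechanically. The following Python example is added here and is not part of the original article or of any Fortinet tooling: it parses sniffer lines in the layout shown on this page, reports whether the source of each outbound SYN falls inside a Phase 2 local selector, and counts SYN retransmissions that received no reply. The selector `172.19.1.0/24` and the names `audit_local_out` and `ASSUMED_SELECTOR` are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Line layout as shown in this article:
# <time> <interface> <in|out> <src>.<sport> -> <dst>.<dport>: <flags>
LINE = re.compile(
    r"^\d+\.\d+\s+\S+\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+(?P<flags>.*)$"
)

ASSUMED_SELECTOR = "172.19.1.0/24"  # assumption: Phase 2 local selector, not from the article

# The two captures from this article.
BEFORE = """filters=[host 10.19.131.120]
10.913388 VPN_Lab out 192.168.1.10.7921 -> 10.19.131.120.222: syn 272142190
11.909013 VPN_Lab out 192.168.1.10.7921 -> 10.19.131.120.222: syn 272142190""".splitlines()
AFTER = [line.replace("192.168.1.10", "172.19.1.1") for line in BEFORE]


def audit_local_out(lines, selector_cidr=ASSUMED_SELECTOR):
    """Report, per outbound SYN flow, selector membership and unanswered retransmits."""
    selector = ipaddress.ip_network(selector_cidr)
    syns = defaultdict(list)  # (src, sport, dst, dport) -> sequence numbers seen
    answered = set()          # flows for which any inbound packet was captured
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # header such as "filters=[...]" or a blank line
        flags = m["flags"].split()
        if m["dir"] == "out" and flags[:1] == ["syn"] and "ack" not in flags:
            seq = flags[1] if len(flags) > 1 else ""
            syns[(m["src"], m["sport"], m["dst"], m["dport"])].append(seq)
        elif m["dir"] == "in":
            # Map the reply back onto the flow that originated it.
            answered.add((m["dst"], m["dport"], m["src"], m["sport"]))
    return [
        {
            "source": flow[0],
            "destination": f"{flow[2]}:{flow[3]}",
            "in_selector": ipaddress.ip_address(flow[0]) in selector,
            "syn_retransmits": len(seqs) - len(set(seqs)),
            "answered": flow in answered,
        }
        for flow, seqs in syns.items()
    ]
```

A repeated SYN with the same sequence number and no inbound packet for the flow is the signature of a connection that the remote side never answered; combined with `in_selector` being false, it points at the source address rather than at the FTP server.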

 

Note:

This is the expected behavior: it is not possible to configure a source IP for the FTP connection.