Description
This article describes how to set a fixed source IP address for the FortiGate's own locally generated traffic (its internal workings, such as DNS and FortiGuard).
Solution
In this scenario, it is assumed that the FortiGate is behind a router/firewall that only allows traffic with the source IP address x.x.x.x.
Normally, an IP pool can be configured and added to IPv4 policies to SNAT all internal traffic. However, it cannot SNAT traffic that FortiOS generates locally for its own internal workings, such as DNS, FortiGuard services, the FortiManager connection IP, FortiAnalyzer logging, Syslog, alert email, SNMP and authorization requests.
Therefore, a loopback interface is created with the IP address x.x.x.x:
    config system interface
        edit "local-interface"
            set vdom "root"
            set ip x.x.x.x 255.255.255.255
            set type loopback
        next
    end

Then, this address can be set as the source-ip of each local service.
Examples:
FortiGuard system:
    config system fortiguard
        set source-ip x.x.x.x
    end
DNS system:
    config system dns
        set source-ip x.x.x.x
    end
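The article only shows the FortiGuard and DNS settings. As an added example, not part of the original article, the following applies the same loopback address x.x.x.x to the other locally generated services the article lists (FortiAnalyzer logging, Syslog, the FortiManager connection, alert email) plus NTP and RADIUS/LDAP authentication lookups. The command paths are standard FortiOS CLI, but option names and availability vary between FortiOS versions, so confirm each one with `set ?` inside the block on the unit being configured; the object names "radius-server" and "ldap-server" are assumed, and the `#` lines are explanatory comments.

```text
# Added example: source-ip for the remaining local services (assumed standard FortiOS CLI).

# FortiAnalyzer logging
config log fortianalyzer setting
    set source-ip x.x.x.x
end

# Syslog
config log syslogd setting
    set source-ip x.x.x.x
end

# FortiManager connection (note the different option name)
config system central-management
    set fmg-source-ip x.x.x.x
end

# Alert email
config system email-server
    set source-ip x.x.x.x
end

# NTP
config system ntp
    set source-ip x.x.x.x
end

# RADIUS authentication requests ("radius-server" is an assumed object name)
config user radius
    edit "radius-server"
        set source-ip x.x.x.x
    next
end

# LDAP authentication requests ("ldap-server" is an assumed object name)
config user ldap
    edit "ldap-server"
        set source-ip x.x.x.x
    next
end
```

Self-originated traffic does not pass through firewall policies, but the upstream router/firewall must have a route back to x.x.x.x or replies will never return. Before relying on the change, test the path from the loopback with `execute ping-options source x.x.x.x` followed by `execute ping <dns-or-fortiguard-host>`, and confirm the source address actually in use with `diagnose sniffer packet any 'host x.x.x.x' 4`.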