FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes how to use a source IP for internal workings.
Solution In this scenario, it’s assumed that Fortigate is behind a router/firewall that only allows traffic coming with a source IP address x.x.x.x
Normally, an IPPool can be configured and added to IPv4 policies to SNAT all internal traffic, however, it can’t SNAT local traffic that is specific to the internal workings of FortiOS like DNS, FortiGuard services, FortiManager connection IP, FortiAnalyzer logging, Syslog, alert email, SNMP and authorization requests.
Therefore, a loopback interface is to be created with the IP address x.x.x.x
#Config system interface edit "local-interface" set vdom "root" set ip x.x.x.x 255.255.255.255 set type loopback next end
Then, it can be added as a source-ip to the local service.
