Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
yangw
Staff
Staff

Created on ‎04-15-2024 01:00 AM Edited on ‎04-15-2024 01:01 AM By Community Manager

Article Id 309735

Troubleshooting Tip: Destination server end always shows the source client's IP as FortiGate Transparent VDOM's mgmt IP

Description This article describes that the destination server end always shows the source client's IP as FortiGate Transparent VDOM's mgmt IP, it should see the source host IP address in the transparent network topology (same subnet on ingress and egress network).
Scope FortiGate v7.2.
Solution

Network topology in FortiGate Transparent mode:

Source IP :163.27.3.39

Destination IP: 34.83.44.187

 

163.27.3.39 - x3(163.27.3.0) - FortiGate (Transparent mode) - x4(163.27.3.0) - 34.83.44.187 

 

Investigate the session details by the commands below:

 

diagnose sys session filter dst 34.83.44.187  <-----  destination IP address.

diagnose sys session filter src 163.27.3.39     <----- Source IP address.

diagnose sys session list

session info: proto=6 proto_state=01 duration=26 expire=3573 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/0
state=log may_dirty br npu f00
statistic(bytes/packets/allow_err): org=92/2/1 reply=52/1/1 tuples=2
tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
orgin->sink: org pre->post, reply pre->post dev=33->34/34->33 gwy=0.0.0.0/0.0.0.0
hook=post dir=org act=snat 163.27.3.39:53293->34.83.44.187:443(163.27.3.251:53293)   <----- The source IP address has been done by the source NAT option as the Transparent mode manage IP address.
hook=pre dir=reply act=dnat 34.83.44.187:443->163.27.3.251:53293(163.27.3.39:53293)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=1 pol_uuid_idx=2019 auth_info=0 chk_client_info=0 vd=1  <-----  Matched the policy rule id 1.
serial=04b4edff tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id=00000000 ngfwid=n/a
npu_state=0x000c00 ofld-O ofld-R
npu info: flag=0x81/0x81, offload=8/8, ips_offload=0/0, epid=91/90, ipid=90/91, vlan=0x0000/0x0000
vlifid=90/91, vtag_in=0x0000/0x0000 in_npu=1/1, out_npu=1/1, fwd_en=0/0, qid=0/4
total session 1

 

config firewall policy
    edit 1                              <----- Policy ID 1.
        set uuid 4d8232e0-bb30-51ee-d15b-8fe278785cfa
        set srcintf "x3"
        set dstintf "x4"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "OUT-02-DMZ to UnTrust Advance"
        set logtraffic all
        set nat enable   <----- Disable the 'nat' option and clear the current session to get the expected results.
    next
290
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.