| Description | This article describes a common issue encountered when configuring a FortiGate virtual server in Azure where the original source IP of the traffic is not preserved and offers a solution. |
| Scope | FortiGate in Public Cloud. |
| Solution |
When traffic flows from internal hosts to a server using the virtual server, the FortiGate performs SNAT (Source Network Address Translation) using the FortiGate's internal port, resulting in the loss of the original source IP. This article provides an explanation of how to retain the original source IP by enabling the 'Preserve client IP' feature in the virtual server configuration.
When utilizing a FortiGate virtual server on Azure to allow and forward traffic to internal hosts, the FortiGate's outgoing traffic is subjected to SNAT with the FortiGate's internal port as the source, thereby altering the original source IP. This can pose a challenge, particularly when dealing with HTTP or HTTPS traffic, where preserving the original source IP is crucial for various purposes.
Enabling this feature allows the FortiGate to copy the original IP address into the X-Forwarded-For header, ensuring the preservation of the source IP throughout the traffic flow.
|
