Hello,
I have a Fortigate 3000 running V5.6.3. Its external ethernet interface, connected to the Internet router, has a private IP address.
The problem is that it cannot reach the Fortinet site because its subscription information (sandboxing, signatures, virus, etc) self-generated outgoing IP packets are sent to Internet with its external interface private source IP address instead of the global IP it should use to be properly routed.
I would really appreciate any example of help in how to perform SNAT for its self generated traffic to Internet.
I created an outgoing policy performing SNAT from an IP Pool containing the IP public address. And this works perfectly for some internal hosts needing some direct access to Internet. The problem is that I cannot find the way to do the same for the Fortigate self-generated traffic.
Regards in advance.
Albert.
Go to cli
config global (only if you apply vdom)
config system fortiguard
set source-ip x.x.x.x -> Put your WanIP
end
you should do the same for config system dns
Do you have a any public reached address assigned on the firewall? You could set one to a loopback , allow a policy from loopback to wan1 service any and the fortiguard services.
Typically you do NOT do this and just use a public-assigned address to the firewall. Alternative if you have a inside proxy you could defined that and use it for allowing the traffic thru.
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36587
YMMV
Ken
PCNSE
NSE
StrongSwan
This might mean that traffic going out from your fortigate itself does for whatever reason not get NATted - neither by your fortigate nor your router that is in front of it. Then and only then could traffic go out to the internet with that source ip.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.