We need the ability to see the external IP address of clients that are browsing sites that we are hosting behind the Fortigate firewall. Here is a brief overview of our setup: [image][/image]

What we need to be able to do is see the actual external IP address (1.2.3.4) of customers that are browsing web sites that we are hosting internally. As of right now, if a customer is browsing a site that is internet facing, if we view the logs on our load balancer, all external traffic looks like it is coming from the Fortigate firewall (10.50.1.1). Here is an example log output from our HAProxy load balancer:

Mar 10 00:04:03 haproxy2 haproxy[2166293]: 10.50.1.1:62232 [10/Mar/2021:00:04:03.640] localhost~ titu_cluster/titu11 0/0/0/2/3 200 64577 - - ---- 28/28/3/63/0 0/0 "GET /images/base_models/18865.jpg HTTP/1.1"
Mar 10 00:04:03 haproxy2 haproxy[2166293]: 10.50.1.1:62235 [10/Mar/2021:00:04:03.639] localhost~ titu_cluster/titu12 0/0/1/2/5 200 95530 - - ---- 28/28/2/47/0 0/0 "GET /images/base_models/18867.jpg HTTP/1.1"

Is there some way to forward the traffic from the Fortigate firewall to our load balancer (10.6.9.53) so we capture the external IP address?

Here is an example of what we would like to be able to see on our end:

Mar 10 00:04:03 haproxy2 haproxy[2166293]: 1.2.3.4:62232 [10/Mar/2021:00:04:03.640] localhost~ titu_cluster/titu11 0/0/0/2/3 200 64577 - - ---- 28/28/3/63/0 0/0 "GET /images/base_models/18865.jpg HTTP/1.1"
Mar 10 00:04:03 haproxy2 haproxy[2166293]: 1.2.3.4:62235 [10/Mar/2021:00:04:03.639] localhost~ titu_cluster/titu12 0/0/1/2/5 200 95530 - - ---- 28/28/2/47/0 0/0 "GET /images/base_models/18867.jpg HTTP/1.1"
Mar 10 00:04:03 haproxy2 haproxy[2166293]: 1.2.3.4:62234 [10/Mar/2021:00:04:03.640] localhost~ titu_cluster/titu13 0/0/1/4/6 200 73454 - - ---- 28/28/3/105/0 0/0 "GET /images/base_models/18869.jpg HTTP/1.1"

We have configured our load balancer to forward the external IP address of visitors to our website, but we are still seeing 10.50.1.1 as the source IP in the logs on the load balancer. Thanks!
The image is not uploaded correctly.
Guessing you are using a VIP to allow access to the server. Consider enabling X-Forwarded-For on the Fortigate; HAProxy can use it for the real IP addresses of the clients:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD44109
________________________________________________________
--- NSE 4 ---
________________________________________________________
Yeah, it would help to see your diag and the policy, but something tells me you have egress interface NAT going on. So for traffic hitting the WAN, the original src.ip is NAT'd to the egress interface after the route lookup.
diag debug flow will show this and the policy, fwiw.
Ken Felix
PCNSE
NSE
StrongSwan
The image is not uploaded correctly.
Guessing you are using a VIP to allow access to the server. Consider enabling X-Forwarded-For on the Fortigate; HAProxy can use it for the real IP addresses of the clients:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD44109
This worked. Thank you!
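As an added illustration (not part of the thread, and not the posters' or Fortinet's configuration), this is one way the HAProxy side could consume the header once the FortiGate inserts X-Forwarded-For, accepting it only from the firewall address 10.50.1.1 seen in the logs above. The bind line, certificate path and ACL name are assumptions, and the fragment assumes the FortiGate's value is the last X-Forwarded-For entry.

```haproxy
# Added example, not the original poster's configuration.
frontend localhost
    mode http
    option httplog
    # Assumption: listener address taken from the thread, certificate path is a placeholder
    bind 10.6.9.53:443 ssl crt /etc/haproxy/certs/site.pem

    # Only the FortiGate (the NAT'd source seen in the logs) may assert a client IP
    acl from_fortigate src 10.50.1.1

    # Strip the header from any other peer so it cannot set its own "client" address
    http-request del-header X-Forwarded-For unless from_fortigate

    # Keep the raw header in the log captures for later review
    http-request capture req.hdr(X-Forwarded-For) len 64

    # Use the last X-Forwarded-For entry as the connection source, so the
    # client field of the HTTP log shows the external address instead of 10.50.1.1
    http-request set-src req.hdr_ip(X-Forwarded-For,-1) if from_fortigate

    default_backend titu_cluster
```

Restricting the rewrite to `from_fortigate` matters because X-Forwarded-For is a plain request header: anything that can reach the load balancer directly could otherwise place an arbitrary address into the logs.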