net_he
New Contributor

How does FortiGate determine the source-ip address for SSH/telnet, etc.?

My FortiGate has multiple Layer 3 internal interfaces and 2 internet interfaces, as well as an IPsec VPN tunnel. I want to use the CLI command "execute ssh" to SSH to a remote device through the VPN tunnel, and I am wondering how the FortiGate system determines which IP address to use to initiate SSH. The same kind of question applies to Telnet, traceroute, and backup FTP/TFTP. I know I can configure source-ip for ping, RADIUS, and SNMP. Thanks.
emnoc
Esteemed Contributor III

FWIW, the outgoing interface towards the remote ip_address would be the interface. If you're trying to restrict SSH, just apply allowaccess only on the interfaces that you want. I really wish FortiGate would have a set source-interfaces command for traffic like RADIUS/TACACS and/or allow you to use the loopback address for these connections.

PCNSE NSE StrongSwan