FG-PioneerClient
New Contributor

How to View the Real Source IP?

I am using a VIP for an internal web server. The problem is that the web logs show the source IP of the users accessing the web as the FG's internal interface IP. Is there a way to configure the FG to pass the real source IP address?
romanr
Valued Contributor

Your "wan -> internal" policy seems to have NAT enabled, which is not needed there. So you NAT the external clients behind your internal firewall IP... The VIP configuration handles the destination NAT itself.

br, Roman
FG-PioneerClient
New Contributor

Roman, I don't have NAT enabled on the policy, because the NAT is already done by the VIP.

Thanks, Shamsan
rwpatterson

What IP address is your server seeing? If it's the inside address of the Fortigate unit, then NAT is enabled. If it's something else, look to that device for NAT enabled.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

FG-PioneerClient
New Contributor

If you meant the Operation Mode, yes, it is NAT. I am trying to configure the FG to pass the real source IP it receives, which I am seeing in the Traffic Log.
ede_pfau
SuperUser

We could help you more if you gave more information. Please post the VIP definition and the policy it is used in. Copy&paste from the console window:
 config firewall vip
    show
 
 config firewall policy
    edit <n>
       show
 
 

Ede


"Kernel panic: Aiee, killing interrupt handler!"
FG-PioneerClient
New Contributor

Sure, here you go:

 config firewall vip
    show
    edit "HTTP"
       set extip 10.10.10.10
       set extintf "port26"
       set portforward enable
       set mappedip 1.1.1.1
       set extport 80
       set mappedport 80
    next

 config firewall policy
    edit <n>
       show
 config firewall policy
    edit 1000
       set srcintf "port26"
       set dstintf "port25"
       set srcaddr "all"
       set dstaddr "HTTP"
       set action accept
       set schedule "always"
       set service "HTTP"
       set logtraffic enable
       set logtraffic-app disable
    next
 end
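The NAT check that romanr and rwpatterson describe can be run mechanically over a saved configuration. This is an added example, not part of any post in the thread; it assumes a flat `show` export with no nested `config` blocks, and the function names and policy 1001 in the sample are constructed for illustration.

```python
import shlex

# Constructed sample shaped like the config posted above; policy 1001 and its
# "set nat enable" line are invented for this example.
SAMPLE = """
config firewall vip
    edit "HTTP"
        set extip 10.10.10.10
        set mappedip 1.1.1.1
    next
end
config firewall policy
    edit 1000
        set dstaddr "HTTP"
    next
    edit 1001
        set dstaddr "HTTP"
        set nat enable
    next
end
"""

def parse_section(text, section):
    """Map entry name -> {setting: [values]} for one top-level config block.
    Assumes a flat export: nested config blocks are not handled."""
    entries, current, active = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            active = line == f"config {section}"
        elif active and line == "end":
            active = False
        elif active and line.startswith("edit "):
            current = entries.setdefault(shlex.split(line)[1], {})
        elif active and line.startswith("set ") and current is not None:
            _, key, *values = shlex.split(line)
            current[key] = values
    return entries

def snat_on_vip_policies(text):
    """Return IDs of policies whose dstaddr is a VIP and that also enable NAT,
    the condition the replies above ask the poster to rule out."""
    vips = set(parse_section(text, "firewall vip"))
    flagged = []
    for pid, cfg in parse_section(text, "firewall policy").items():
        if vips & set(cfg.get("dstaddr", [])) and cfg.get("nat") == ["enable"]:
            flagged.append(pid)
    return flagged

if __name__ == "__main__":
    print(snat_on_vip_policies(SAMPLE))
```

An empty result only rules out per-policy NAT on policies that reference a VIP directly; VIP groups and NAT applied elsewhere on the path are outside what this check reads.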
emnoc
Esteemed Contributor III

What might also be beneficial is a snippet of your weblogs, an example or clue as to what src-address is being logged in your weblog using the configuration you're providing. In the VIP you're showing, I typically don't use port-forwarding but map the VIP in a fashion like the following when dealing with web services:

 edit "VIP_38_xx7_8x_35-web02"
    set extip 38.xx7.8x.35
    set extintf "EXT_NET01"
    set mappedip 10.10.100.31
 next

Maybe the behavior of a mapped IP address that's portforward vs. non-portforward is different.

PCNSE 

NSE 

StrongSwan  

FG-PioneerClient
New Contributor

Actually the weblog is just showing the internal interface of the FG, which is the gateway of the web server. I have tried removing Port Forwarding but it is still the same.
GusTech
Contributor II

I'm not sure, but if you have disabled all NAT, try to remove extip or set 0.0.0.0.

Fortigate <3
