New Contributor

Local traffic not using the right source IP

Hello all,


I am trying to configure TACACS+ authentication, but the local TACACS+ traffic leaving the Forti does not have the correct source IP.

To leave the Forti it uses the source IP address of the outgoing interface, which is wrong. I would like it to have the source IP of the management interface mgmt1.

Forward traffic is using the same outgoing interface but with the correct source IP, which is not the IP of this interface.


I did the SNMP config, which is correctly using the mgmt1 source IP.

I have only one VDOM activated, which is root and includes all physical interfaces.

In the TACACS+ config I tried to set source-ip to the mgmt1 IP, but I get an error saying node_check_object_fail for source-ip.


The only difference I see between the SNMP and TACACS+ config is where you do it: SNMP is done globally, TACACS+ was done in the VDOM root. The mgmt1 interface in menu Network>Interface has no VDOM whereas all the others have one. There is no GUI entry to change the mgmt1 VDOM.


Help would be appreciated to have TACACS+ traffic with the right source IP.


Thank you.

New Contributor III



Please use the following commands in the CLI of the FortiGate to change the source IP:


config user tacacs+
    edit <Name>
        set source-ip <Source IP>
    next
end




Let us know if that works or not.







New Contributor

Hi Patel,


This is exactly what I tried, setting the source IP to the IP of the mgmt1 interface: 10.35.x.x

But I got an error:


10.35.x.x is not valid source ip.
node_check_object_fail! for source-ip 10.35.x.x
value parse error before '10.35.x.x'
Command fail. Return code -0


Running FortiOS v6.0.4 build 231 on a cluster of two 3000D


Thank you.

