- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- NATing a DMZ Wan address on a Fortigate 40F - Help...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NATing a DMZ Wan address on a Fortigate 40F - Help needed
Hi all,
I am configuring a 40F for a small branch site, using a VPN to the main core site. The VPN is up and running, but I am having problems with access to the core FortiManager and out to FortiGuard.
The FW is on a private address behind an ISP router.
The problem is that the FW is using the 192.168 IP from the inside of the ISP's router as the source for the FW originating traffic.
Is there a way to set the source to a routable address ?
Cormac Champion
Solved! Go to Solution.
Cormac Champion
Labels:
- Labels:
-
FortiGate
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
You can define source IP for FortiManager and FortiGuard settings in FortiGate Firewall as below.
config system central-management
set type fortimanager
set fmg "FMG-IPADDRESS"
set fmg-source-ip X.X.X.X
end
config system fortiguard
set source-ip X.X.X.X
end
Hope this is what you are looking for.
Best Regards,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @championc1 ,
If you want to ping/traceroute from CLI and specify a source IP/interface use below options.
For ping
# execute ping-options source <IP-of Source-Interface>
# execute ping <DST-IP>
For traceroute
# #execute traceroute-options source <IP-of Source-Interface>
# execute traceroute <DST-IP>
BTW, thank you for sharing the get command.
Best Regards,
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
You can define source IP for FortiManager and FortiGuard settings in FortiGate Firewall as below.
config system central-management
set type fortimanager
set fmg "FMG-IPADDRESS"
set fmg-source-ip X.X.X.X
end
config system fortiguard
set source-ip X.X.X.X
end
Hope this is what you are looking for.
Best Regards,
Created on 07-27-2023 01:07 PM Edited on 07-27-2023 01:26 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for that
Is there a way to source commands from the CLI ?
I think FortiManager is sorted, but FortiGuard is not, but since FortiGuard needs to route out to the internet, there may well be a missing rule in the core somewhere, but all looking good now (apart from CLI pinging / traceroute etc.)
I found details of a very useful command, which may help others in the future
get system source-ip status
Cormac Champion
Cormac Champion
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @championc1 ,
If you want to ping/traceroute from CLI and specify a source IP/interface use below options.
For ping
# execute ping-options source <IP-of Source-Interface>
# execute ping <DST-IP>
For traceroute
# #execute traceroute-options source <IP-of Source-Interface>
# execute traceroute <DST-IP>
BTW, thank you for sharing the get command.
Best Regards,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, you can set the source IP address for the FortiGate's outgoing traffic to a routable address. To do this, you will need to configure Source NAT (SNAT) on the FortiGate. SNAT allows you to change the source IP address of packets leaving the FortiGate to a specific IP address or IP range.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Disabling Initiate Traffic from FortiGate to... 169 Views
- FortiGate drops traceroute UDP 72 Views
- FortiGate/FortiManager communication over NAT 81 Views
- need to have image of fortigate... 195 Views
- which ISDB to use for Office... 82 Views
Labels
-
FortiGate
7,139 -
FortiClient
1,408 -
5.2
801 -
5.4
639 -
FortiManager
619 -
FortiAnalyzer
454 -
6.0
416 -
FortiAP
373 -
FortiSwitch
369 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
6.4
128 -
FortiNAC
126 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
103 -
FortiGateCloud
97 -
FortiSIEM
94 -
FortiCloud Products
89 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
48 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
39 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiSandbox
33 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
LDAP
18 -
Interface
18 -
FortiSwitch v6.2
17 -
VDOM
17 -
Routing
16 -
FortiMonitor
15 -
Authentication
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSL SSH inspection
10 -
SSO
10 -
FortiRecorder
10 -
Application control
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
4.0
7 -
Admin
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
IPS signature
5 -
Packet capture
5 -
Automation
5 -
DNS Filter
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiCache
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Web rating
4 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Fortinet Engage Partner Program
3 -
Traffic shaping profile
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1059 | |
| 883 | |
| 525 | |
| 441 | |
| 147 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.