Hello, currently I just did a setup of tacacs+ on FortiGate 100D v5,2,5 build 701. After all this config, I put the command "source-ip" because I wanted to use an internal address to make requests for tacacs. But after doing a test under the GUI for connectivity, I realized that my "set source-ip" command is not considered, because the petitions for tacacs go from the egress interface as if the "source-ip" command is not taken into consideration, and it fails. What is wrong with the config? Did I miss something? Actually, when I run the command "get system source-ip status" it states that tacacs is using 192.168.145.1 as I configured, but in the sniffer capture it shows the egress interface making the requests, which is not correct. Any ideas, please?
Regards,
Any ideas please?
Regards,
I've learned there is a bug if you try to source from a loopback address: same behavior. Is that what you are doing? If so, try a physical interface (not sure I can even use a VLAN interface!)
This is not a bug; this is a limitation in the test command, in that you can't "set the source ip". If you run the diag test command from the CLI you have the exact same problem, btw.
Kem
PCNSE
NSE
StrongSwan