Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
valter
New Contributor

Created on ‎11-02-2017 01:12 PM

Traffic from Fortigate through VPN

Hello. I need to link the Fortigate with the FortiAuthenticator through VPN. I created a site-to-site tunnel, everything works, hosts communicate between sites, but fortigate sends its local traffic from the wan interface (public address). What should I do to connect Fortigate and FortiAuthenticator?

the tunnels are in policy mode diagnose debug flow: id=20085 trace_id=398 func=ipsec_output_finish line=525 msg="send to public_address_site1 via intf-port10" id=20085 trace_id=399 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=6, public_address_site1:7158->local_address_site2:8000) from local. flag [S ], seq 1012248423, ack 0, win 13980" id=20085 trace_id=399 func=init_ip_session_common line=5519 msg="allocate a new session-00021e79" id=20085 trace_id=399 func=ipsecdev_hard_start_xmit line=178 msg="enter IPsec interface-vpn_interface_name" id=20085 trace_id=399 func=esp_output4 line=891 msg="IPsec encrypt/auth

Labels:
4006
0 Kudos
1 Solution
tanr
Valued Contributor II

Created on ‎11-02-2017 02:37 PM

Under 5.4.x at least, after you have made the changes under Log Settings to send logs to the FortiAnalyzer IP (it won't connect successfully yet).  Then from the CLI:

 

config log fortianalyzer setting

    set source-ip <FortiGate Internal IP>

 

You'll need to have your routes and security policies defined to allow this.

View solution in original post

1847
0 Kudos
3 REPLIES 3
tanr
Valued Contributor II

Created on ‎11-02-2017 02:37 PM

Under 5.4.x at least, after you have made the changes under Log Settings to send logs to the FortiAnalyzer IP (it won't connect successfully yet).  Then from the CLI:

 

config log fortianalyzer setting

    set source-ip <FortiGate Internal IP>

 

You'll need to have your routes and security policies defined to allow this.

1848
0 Kudos
valter
New Contributor
In response to tanr

Created on ‎11-03-2017 03:22 AM

Thanks

 

i found this option

 

config user fsso     edit "NAME"         set server "xx.xx.xx.xx"         set source-ip xx.xx.xx.xx

end

1817
0 Kudos
tanr
Valued Contributor II
In response to valter

Created on ‎11-03-2017 07:38 AM

Ah, sorry, misread FortiAuthenticator as FortiAnalyzer.  Looks like you found the solution anyway!

1817
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.