Hi all,
I have a topology in an AWS environment like this:
NLB -> FortiGate -> TGW -> server.
Our NLB is already NATing the public IP to a private IP, so the FortiGate only detects the private source IP from the NLB.
So my question is: could we see the public source IP behind the NLB in the FortiGate?
Thanks.
Hello @Rifqi,
I think this could be related to an AWS NLB behavior. If you see the private IP from the NLB as the source, it is because that's how the NLB forwards traffic to the FortiGate. If the NLB were to include the "real" public IP in the header instead of the private one when forwarding traffic to the FortiGate, you would then see the public IP on the FortiGate.
I think that behavior is because you are doing NATing on the NLB.
I hope that helps.
Regards,
Hi marin,
If our NLB does not NAT and keeps using the public IP as the source, then could our FortiGate detect the real source IP of whoever accesses our servers?
Thanks,
Regards,
Rifqi
Copyright 2024 Fortinet, Inc. All Rights Reserved.