Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Rifqi
New Contributor II

view real source ip in fortigate aws

Hii all,

 

i have a topology in aws environmet like this :

NLB -> fortigate -> TGW -> server.

 

Our nlb already NATing ip public to ip private, so fortigate only detect ip source private from nlb.
so my question is could we seeing ip public source behind NLB in fortigate ?

 

thank.

3 REPLIES 3
mauromarme
Staff
Staff

Hello @Rifqi,

I think this could be related to a NLB AWS behavior. If you see the Private IP from NLB as the source, it is because that's how NLB forwards traffic to the FortiGate. If NLB were to include the "Real" public IP in the header instead of the private one when forwarding traffic to the FortiGate, you would then see the public IP on FortiGate.

I think that behavior is because you are doing Nating on NLB.

I hope that helps.

Regards,

Mauricio Marin
Fortinet TAC Senior Engineer
Rifqi
New Contributor II

Hii marin,

 

if our NLB do not nating and keep using ip public for source, then our fortigate could detect real ip source who access our servers ?


thanks,

Regards,

 

Rifqi

hbac

Hi @Rifqi , 

 

Yes, you are correct. 

 

Regards, 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors