IP addresses for self-originated traffic

On the FortiGate unit, a number of protocols and traffic types are specific to the internal workings of FortiOS. For many of these traffic sources, you can specify the port/IP address that the self-originated traffic uses. The following traffic can be configured to use a specific port/IP address:

  • SNMP
  • Syslog
  • Alert email
  • FortiManager connection IP
  • FortiGuard services
  • FortiAnalyzer logging
  • NTP
  • DNS
  • Authorization requests such as RADIUS
  • FSSO

Configuration of these services is performed in the CLI. In each instance, there is a command set source-ip. For example, to set the source IP of NTP to be on the DMZ1 port with an IP of 192.168.4.5, the commands are:

config system ntp
    set ntpsync enable
    set syncinterval 5
    set source-ip 192.168.4.5
end

To see which services are configured with source-ip settings, use the get command:

get system source-ip status

The output will appear similar to the sample below:

NTP: x.x.x.x
DNS: x.x.x.x
SNMP: x.x.x.x
Central Management: x.x.x.x
FortiGuard Updates (AV/IPS): x.x.x.x
FortiGuard Queries (WebFilter/SpamFilter): x.x.x.x
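
The same review can be done offline against a configuration backup. The script below is an added example, not part of the original page or any Fortinet tooling: it walks the config/edit nesting, collects every set source-ip line, and flags addresses that are unset or outside an expected subnet. The function names, the sample DNS and RADIUS entries, the 192.168.4.0/24 subnet for DMZ1, and the reading of 0.0.0.0 as "not pinned" are assumptions.

```python
import ipaddress

# Constructed sample of a FortiOS config backup. Only the NTP block mirrors
# the page; the DNS and RADIUS entries and their addresses are made up.
SAMPLE_CONFIG = """\
config system ntp
    set ntpsync enable
    set syncinterval 5
    set source-ip 192.168.4.5
end
config system dns
    set source-ip 0.0.0.0
end
config user radius
    edit "corp-radius"
        set source-ip 172.16.9.1
    next
end
"""

def find_source_ips(config_text):
    """Return [(section_path, ip)] for every 'set source-ip' line."""
    stack, found = [], []
    for raw in config_text.splitlines():
        words = raw.split()
        if words[:1] in (["config"], ["edit"]):
            # Entering a config block or a table entry: remember where we are.
            stack.append(" ".join(words))
        elif words[:1] in (["end"], ["next"]) and stack:
            stack.pop()
        elif words[:2] == ["set", "source-ip"] and len(words) >= 3:
            found.append((" / ".join(stack), words[2].strip('"')))
    return found

def audit(config_text, allowed_net):
    """Map each section to 'ok', 'unset' (0.0.0.0) or 'outside'."""
    net = ipaddress.ip_network(allowed_net)
    report = {}
    for section, ip in find_source_ips(config_text):
        addr = ipaddress.ip_address(ip)
        if addr.is_unspecified:
            report[section] = "unset"   # assumption: 0.0.0.0 means not pinned
        else:
            report[section] = "ok" if addr in net else "outside"
    return report

if __name__ == "__main__":
    for section, status in audit(SAMPLE_CONFIG, "192.168.4.0/24").items():
        print(f"{status:8}{section}")
```

An "outside" result is worth checking against firewall policies and the allow lists on the syslog, RADIUS or NTP servers, since those typically filter on the source address the FortiGate presents.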
