FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
welnaggar
Staff
Staff
Article Id 190413
Description
This article describes how to use a source IP for internal workings.

Solution
In this scenario, it’s assumed that Fortigate is behind a router/firewall that only allows traffic coming with a source IP address x.x.x.x

Normally, an IPPool can be configured and added to IPv4 policies to SNAT all internal traffic, however, it can’t SNAT local traffic that is specific to the internal workings of FortiOS like DNS, FortiGuard services, FortiManager connection IP, FortiAnalyzer logging, Syslog, alert email, SNMP and authorization requests.

Therefore, a loopback interface is to be created with the IP address x.x.x.x
#Config system interface
    edit "local-interface"
        set vdom "root"
        set ip x.x.x.x 255.255.255.255
        set type loopback
    next
end
Then, it can be added as a source-ip to the local service.

Examples:

FortiGuard system:

#Config sys fortiguard
set source-ip x.x.x.x
end
DNS system:
#config sys dns
set source-ip x.x.x.x
end

Contributors