FortiGate
gmarcuccetti
Staff
Article Id 193084

Description


For self-originating traffic (ping, backup, SNMP) sent through a VPN, when source-ip is not configured, FortiGate uses the IP of the egress interface (the interface with the lowest index shown in "diagnose ip address list"), as described here:

https://community.fortinet.com/t5/FortiGate/Technical-Note-Self-originating-traffic-over-IPSec-VPN-F...

 

This article describes how to configure an IP address on an IPSec tunnel interface.

It also applies to automatic configuration backups sent over an IPSec tunnel to a remote location:

Technical Tip: How to take backup from CLI using secure FTP (SFTP) protocol


Solution


To be certain which source IP FortiGate will use for self-originating traffic, configure an IP address on the IPSec interface.



 
 
# config system interface
    edit "Dial"
        set vdom "root"
        set ip 172.26.138.69 255.255.255.255
        set allowaccess ping
        set type tunnel
        set snmp-index 12
        set interface "wan1"
    next
end
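
To check an existing configuration backup for tunnel interfaces that still lack an address, a short audit script can help. The following is an added example, not Fortinet code: the function names are hypothetical, the sample configuration is constructed, and it assumes that an interface with no "set ip" line in the backup has no address (0.0.0.0).

```python
# Constructed sample in the layout of a FortiGate config backup (not from a real device).
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set ip 198.51.100.10 255.255.255.0
        set type physical
    next
    edit "Dial"
        set ip 172.26.138.69 255.255.255.255
        set type tunnel
    next
    edit "Branch2"
        set type tunnel
        set interface "wan1"
    next
end
config system global
    set hostname "example-fgt"
end
"""

def parse_interfaces(config_text):
    """Return {name: {setting: value}} from the 'config system interface' section."""
    interfaces, current, depth = {}, None, -1  # depth -1 = outside the section
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth < 0:
            if line == "config system interface":
                depth = 0
            continue
        if line.startswith("config "):
            depth += 1  # nested block inside an interface; its settings are skipped
        elif line == "end":
            depth -= 1  # dropping to -1 closes the interface section
        elif depth == 0 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            interfaces[current] = {}
        elif depth == 0 and line == "next":
            current = None
        elif depth == 0 and current and line.startswith("set "):
            _, key, *value = line.split(None, 2)
            interfaces[current][key] = value[0] if value else ""
    return interfaces

def tunnels_without_ip(config_text):
    """Tunnel interfaces with no address; assumes an absent 'set ip' means 0.0.0.0."""
    return [name for name, cfg in parse_interfaces(config_text).items()
            if cfg.get("type") == "tunnel"
            and cfg.get("ip", "0.0.0.0 0.0.0.0").split()[0] == "0.0.0.0"]
```

Calling tunnels_without_ip() on the text of a backup file returns the tunnel interfaces that still need an address configured as shown above.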


Related Articles

Technical Tip : How to control/change the FortiGate source IP for self-originating traffic : SNMP , ...