FortiGate
sagha
Staff
Article Id 195504
Description
This article explains how to configure a specific IP address to connect FortiGate to FortiCloud.

Solution
By default, FortiGate uses the outgoing interface address as the source IP address to connect to FortiCloud.

This is confirmed by the following:

1) Ping the following hostname to obtain its resolved IP address:
# exec ping logctrl1.fortinet.com
2) Run a sniffer on FortiGate against the resolved IP address from step 1.
# diagnose sniffer packet any 'host x.x.x.x and port 443' 4 0 a
Replace x.x.x.x with the resolved IP from step 1.

3) Run telnet against the resolved IP from step 1.
# exec telnet <resolved IP from step 1> 443
'Connected' will be visible.
This will help in identifying the source address used for FortiCloud traffic.

Solution.

If the wrong source IP address is used, or if FortiCloud traffic must be initiated from a different source IP address on FortiGate, the source IP needs to be configured from the CLI.
This is the case if the FortiGate is behind an IPsec tunnel and the outgoing interface has no IP.

# config log fortiguard setting
    set source-ip y.y.y.y       <----- Replace y.y.y.y with desired source IP.
end
Run the sniffer again to confirm the source IP address used.
# diagnose sniffer packet any 'host x.x.x.x and port 443' 4 0 a
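
The sniffer check above can be automated on a saved capture. The following is an added example, not part of the original article or Fortinet code: it parses sniffer output and reports which source addresses were used toward the FortiCloud IP. The line layout is assumed from typical verbosity-4 output, the function names are hypothetical, and all addresses are constructed from documentation ranges.

```python
import re
from collections import Counter

# Constructed sample of `diagnose sniffer packet any '...' 4 0 a` output.
# Assumed layout: timestamp, interface, direction, src.port -> dst.port: flags.
SAMPLE = """\
interfaces=[any]
filters=[host 203.0.113.10 and port 443]
2024-01-01 10:00:00.100000 tun0 out 192.0.2.1.15234 -> 203.0.113.10.443: syn 1111
2024-01-01 10:00:00.150000 tun0 in 203.0.113.10.443 -> 192.0.2.1.15234: syn 2222 ack 1112
2024-01-01 10:00:00.151000 tun0 out 192.0.2.1.15234 -> 203.0.113.10.443: ack 2223
2024-01-01 10:00:05.000000 wan1 out 198.51.100.7.15300 -> 203.0.113.10.443: syn 3333
"""

# The timestamp may be one token (relative) or two (absolute, option 'a').
LINE = re.compile(
    r"^(?P<ts>.+?) (?P<ifname>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<info>.*)$"
)

def outbound_sources(capture, dest_ip, dest_port=443):
    """Count (interface, source IP) pairs for outbound packets to dest_ip:dest_port."""
    seen = Counter()
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, packet counters
        if (m["dir"] == "out" and m["dst"] == dest_ip
                and int(m["dport"]) == dest_port):
            seen[(m["ifname"], m["src"])] += 1
    return seen

def check_source_ip(capture, dest_ip, expected_src):
    """Return (ok, unexpected); ok only if traffic was seen and all used expected_src."""
    seen = outbound_sources(capture, dest_ip)
    unexpected = sorted(k for k in seen if k[1] != expected_src)
    return (bool(seen) and not unexpected, unexpected)

if __name__ == "__main__":
    print(dict(outbound_sources(SAMPLE, "203.0.113.10")))
    print(check_source_ip(SAMPLE, "203.0.113.10", "192.0.2.1"))
```

An empty capture is reported as a failure rather than a pass, so a filter typo or a tunnel that is down is not mistaken for a correct source IP.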
