FortiGate
pradeepb
Staff
Article Id 198426
Description
This article describes how to change the source interface IP that the FortiGate will use when sending TCP/UDP packets to the following log, trap, or alarm receivers:

- SNMP
- Syslog
- FortiAnalyzer
- Alert Email
- FortiManager
 
By default, the source IP is the IP address of the FortiGate egress interface. This feature makes it possible, for example, to specify a loopback address as the source IP (see related article).


Scope
FortiOS 4.0 MR2 and above

Solution
This feature is available only in the CLI.

The following CLI commands show some examples:

config system snmp community
    edit 1
        config hosts
            edit 1
                set ip 10.160.0.171
                set source-ip 10.160.10.1    << source IP to use
            next
        end
        set name "community_name"
    next
end

For SNMP v3:

config system snmp user
    edit <user>
        set source-ip 10.160.10.1
    next
end

config system central-management
    set fmg-source-ip 172.16.122.154
end


config log syslogd setting
    set status enable
    set server "10.160.0.171"
    set source-ip 10.160.10.1
end

config system alertemail
    set source-ip 10.160.10.1
end



A sniffer trace can be used to verify the source IP of the packets sent:

FGT# diagnose sniffer packet any "port 162" 4
4.030647 internal out 10.160.10.1.162 -> 10.160.0.171.162: udp 112
4.031243 internal out 10.160.10.1.162 -> 10.160.0.171.162: udp 137
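
The same settings can also be checked offline in a saved configuration backup. The script below is an added example, not Fortinet code: it walks the config/edit nesting shown above and reports, for each receiver block covered in this article, whether the source IP matches the intended address, differs from it, or is unset (in which case the egress interface IP is used). The function name, the status labels and the SAMPLE configuration are assumptions made for this example.

```python
# Added example; SAMPLE is a constructed config and the status names are this script's own.
# config path -> (setting holding the source address, block is a table of "edit" entries)
TARGETS = {
    ("system snmp community", "hosts"): ("source-ip", True),
    ("system snmp user",): ("source-ip", True),
    ("system central-management",): ("fmg-source-ip", False),
    ("log syslogd setting",): ("source-ip", False),
    ("system alertemail",): ("source-ip", False),
}

def audit_source_ips(config_text, expected_ip):
    """Return (location, configured value, status) for each receiver block."""
    stack, results = [], []  # stack frame = (kind, name, settings)
    for raw in config_text.splitlines():
        tok = raw.split() or [""]  # blank line -> matches no branch below
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:]), {}))
        elif tok[0] == "set" and len(tok) >= 3 and stack:
            stack[-1][2][tok[1]] = tok[2].strip('"')
        elif tok[0] in ("next", "end") and stack:
            path = tuple(n for k, n, _ in stack if k == "config")
            where = " > ".join(n for _, n, _ in stack)
            kind, _, settings = stack.pop()
            key, is_table = TARGETS.get(path, (None, False))
            if key and kind == ("edit" if is_table else "config"):
                value = settings.get(key)  # None: the egress interface IP is used
                status = "unset" if value is None else "ok" if value == expected_ip else "mismatch"
                results.append((where, value, status))
    return results

SAMPLE = """\
config system snmp community
    edit 1
        config hosts
            edit 1
                set source-ip 10.160.10.1
            next
        end
    next
end
config system central-management
    set fmg-source-ip 172.16.122.154
end
config log syslogd setting
    set server "10.160.0.171"
end
"""
if __name__ == "__main__":
    print(*audit_source_ips(SAMPLE, "10.160.10.1"), sep="\n")
```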



Related Articles

Technical Tip : Configuring and using a loopback interface on a FortiGate

Technical Tip: How a FortiManager can manage a FortiGate via Redundant WAN interfaces
