IP addresses for self-originated traffic
On the FortiGate unit, there are a number of protocols and traffic that is specific to the internal workings of FortiOS. For many of these traffic sources, you can identify a specific port/IP address for this self-originating traffic. The following traffic can be configured to a specific port/IP address:
- SNMP
- Syslog
- alert email
- FortiManager connection IP
- FortiGuard services
- FortiAnalyzer logging
- NTP
- DNS
- Authorization requests such as RADIUS
- FSSO
Configuration of these services is performed in the CLI. In each instance, there is a command set source-ip. For example, to set the source IP of NTP to be on the DMZ1 port with an IP of 192.168.4.5, the commands are:
config system ntp
set ntpsync enable set syncinterval 5
set source-ip 192.168.4.5 end
To see which services are configured with source-ip settings, use the get command:
get system source-ip status
The output will appear similar to the sample below:
NTP: x.x.x.x DNS: x.x.x.x SNMP: x.x.x.x
Central Management: x.x.x.x
FortiGuard Updates (AV/IPS): x.x.x.x
FortiGuard Queries (WebFilter/SpamFilter): x.x.x.x