IP addresses for self-originated traffic
On the FortiGate unit, there are a number of protocols and traffic that is specific to the internal workings of FortiOS. For many of these traffic sources, you can identify a specific port/IP address for this self-originating traffic. The following traffic can be configured to a specific port/IP address:
• SNMP
• Syslog
• alert email
• FortiManager connection IP
• FortiGuard services
• FortiAnalyzer logging
• NTP
• DNS
• Authorization requests such as RADIUS
• FSAE
Configuration of these services is performed in the CLI. In each instance, there is a command set source-ip. For example, to set the source IP of NTP to be on the DMZ1 port with an IP of 192.168.4.5, the commands are:
config system ntp
set ntpsyn enable
set syncinterval 5
set source-ip 192.168.4.5
end
To see which services are configured with source-ip settings, use the get command:
get system source-ip status
The output will appear similar to the sample below:
NTP: x.x.x.x
DNS: x.x.x.x
SNMP: x.x.x.x
Central Management: x.x.x.x
FortiGuard Updates (AV/IPS): x.x.x.x
FortiGuard Queries (WebFilter/SpamFilter): x.x.x.x