I ping a server from the cli of fortigate firewall. I found the source ip address was WAN one instead of DMZ one. How do i change the source ip address from WAN one to DMZ one?
-
-
Answer selected by simonleung at 10-07-2025, 12:36.
I have solved the problem by enabling local out routing feature(see https://community.fortinet.com/t5/Fo...IP/ta-p/212877) -
In general, this is not very simple. The operating system itself selects the "closest" address when connecting. Especially since you are not accessing any of the programs, but the operating system.
The ip route add command has a src parameter. You can make it so that for individual networks the response is from a specific IPComment
-
I haven't figured out your configuration and in order not to make unfounded assumptions, I'm providing general information about how this mechanism works:
Either you configure the ip route command for kernel or you configure application which IP to listen to.Comment
-
I have solved the problem by enabling local out routing feature(see https://community.fortinet.com/t5/Fo...IP/ta-p/212877)Comment
-
For a single test you could also use the 'execute ping-options source <Interface/IP>' command. This sets the options for that specific session and prevents the need for persistent routing changes for example.Comment
Comment