Hello, I have an application that logs the IP addresses of users that access it. When the application is put behind a Fortigate 30E firewall, it only logs IP address of the firewall. Is there a policy that I can apply to forward the actual IP addresses of the users to the application?
Oguzhandag wrote:My suspicion is that the firewall rule allowing the access has the NAT setting turned on, which does exactly what you're seeing. NAT is often unnecessary, especially with a Virtual IP that *already* does NAT.Is there a policy that I can apply to forward the actual IP addresses of the users to the application?
Exactly as Steve said. This confuses a lot of novices, but never enable on NAT on an "incoming" (from the Internet) rule. Never. NAT is for outgoing only.
I am having the same issue. I need to be able to forward the IP address of the host making a request to servers behind our FortiGate 100E firewall and we are only seeing the firewall's IP instead of the IP address from the host making the request.
Thanks, turning off NAT solved the problem.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.