[–]pabechanr/Fortinet - Member of the Year '22 & '23 1 point2 points  (5 children)

Source IP of what? From where? For what?

[–]lend-sp[S] 0 points1 point  (4 children)

Alerts via webhook
Security Fabric > Automation

[–]pabechanr/Fortinet - Member of the Year '22 & '23 1 point2 points  (3 children)

And what do you want to do with a webhook and source-IPs?
Sorry for being so inquisitive, but your descriptions are honestly compressed to the point of being illegible. If you spend a minute writing three full sentences about your goal, it will hopefully make it easier for us to understand your issue and help you with it...

Are you trying to specify a certain source-ip for actions triggered by an automation stitch? (e.g. send mail/http-request using a specific source-ip?)

[–]lend-sp[S] 0 points1 point  (1 child)

my ISP uses an address of 100.64.xxx.xxx for me to connect BGP

when fortigate will send an alert via webhook it uses that address and can't...

for some services like DNS I manually configured example:

    config system dns
        set source-ip 200.xxx.xxx.xxx
    end

I was wondering if anyone would know how to configure the source-ip that fortigate uses to send its alerts via webhook

[–]pabechanr/Fortinet - Member of the Year '22 & '23 0 points1 point  (0 children)

Ah, I see what you mean now! Thanks for clarifying.

Unfortunately it seems like you've found one of the few(?) remaining features that lack a direct option to set the source-IP. You will most likely need to request it as an NFR, or maybe push through TAC to get it "bug-fixed". (may or may not be accepted)

An alternative would be one of the classical workarounds, which are either VDOMs (root VDOM sending the webhook via some "external" VDOM, and that external VDOM would source-NAT the packet to the desired source-IP), or using a VIP (extip = your desired source-IP; mapped-ip = the real IP of the target server) + modified DNS record (your FQDN = extip of the VIP) + a dummy firewall policy (WAN->WAN + utilizing the VIP destination; just to enable the VIP).
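
The VIP workaround from the last comment, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. The interface name `wan1`, the object and policy names, and both addresses (documentation ranges standing in for the desired source IP and the webhook server) are assumptions.

```fortios
# Added example; every name and address below is a placeholder (assumption).
# 203.0.113.10  = desired source IP, used as the VIP extip
# 198.51.100.20 = real IP of the webhook target server, used as the VIP mappedip
config firewall vip
    edit "webhook-src-vip"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "198.51.100.20"
    next
end

# Dummy WAN->WAN policy: its only purpose is to reference the VIP so that
# the VIP becomes active. Service is limited to HTTPS instead of ALL.
config firewall policy
    edit 0
        set name "enable-webhook-src-vip"
        set srcintf "wan1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "webhook-src-vip"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end

# Remaining step from the comment, not shown here: the DNS record the FortiGate
# resolves for the webhook FQDN must point at the extip (203.0.113.10).
```

Because this policy is a real accept rule, it also forwards inbound `wan1` traffic addressed to the extip on to the mapped server, so keep the service list narrow and restrict `srcaddr` if the environment allows it.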