Summarize source IP usage on the Local Out Routing page
The Local Out Routing page consolidates features where a source IP and an outgoing interface attribute can be configured to route local-out traffic. The outgoing interface has a choice of Auto, SD-WAN, or Specify to allow granular control over the interface in which to route the local-out traffic. Local Out Routing must be enabled from System > Feature Visibility, and it supports multi-VDOM mode.
When VDOMs are enabled, the following entries are available in global view on the Network > Local Out Routing page.
When VDOMs are enabled, the following entries are available in VDOM view on the Network > Local Out Routing page.
If a service is disabled, it is grayed out. To enable it, select the service and click Enable Service. If a service is enabled, there is a Local Out Setting button in the gutter of that service's edit page to directly configure the local-out settings.
A new static REST API shows the existing local-out routing tables.
Examples
To configure DNS local-out routing:
- Go to Network > Local Out Routing and double-click System DNS.
- For Outgoing interface, select one of the following:
Auto
Select the outgoing interface automatically based on the routing table.
SD-WAN
Select the outgoing interface using the configured SD-WAN interfaces and rules.
Specify
Select the outgoing interface from the dropdown.
- If Specify is selected, select a setting for Source IP:
Use Interface IP
Use the primary IP, which cannot be configured by the user.
Manually
Selected an IP from the list, if the selected interface has multiple IPs configured.
- Click OK.
To edit local-out settings from a RADIUS server entry:
- Go to User & Authentication > RADIUS Servers and double-click an entry to edit it.
- Click Local Out Setting.
The Edit Local Out Setting pane opens.
- Configure the settings for Outgoing interface and Source IP.
- Click OK.
api/v2/static/local_out_policy_source_metadata.json
{ "system.dns": { "path": "system", "name": "dns", "groupBy": "system", "scope": "global", "complex": true, "dependencies": ["primary", "secondary"], "enabledRequired": false }, "system.fortiguard": { "path": "system", "name": "fortiguard", "groupBy": "system", "scope": "global", "complex": true, "dependencies": ["server"], "enabledRequired": false }, "system.external-resource": { "path": "system", "name": "external-resource", "groupBy": "external resource", "scope": "global", "complex": false, "dependencies": [], "enabledRequired": false }, "system.fortisandbox": { "path": "system", "name": "fortisandbox", "groupBy": "system", "scope": "global", "complex": true, "dependencies": ["server"], "enabledRequired": false }, "log.fortianalyzer.setting": { "path": "log.fortianalyzer", "name": "setting", "groupBy": "Log", "scope": "global", "complex": true, "dependencies": ["server"], "enabledRequired": false }, "log.fortianalyzer.override-setting": { "path": "log.fortianalyzer", "name": "override-setting", "groupBy": "Log", "scope": "vdom", "complex": true, "dependencies": ["server"], "enabledRequired": true }, "log.fortianalyzer-cloud.setting": { "path": "log.fortianalyzer-cloud", "name": "setting", "groupBy": "Log", "scope": "global", "complex": true, "dependencies": ["server"], "enabledRequired": false }, "log.fortianalyzer-cloud.override-setting": { "path": "log.fortianalyzer-cloud", "name": "override-setting", "groupBy": "Log", "scope": "vdom", "complex": true, "dependencies": ["server"], "enabledRequired": true }, "log.fortiguard.setting": { "path": "log.fortiguard", "name": "setting", "groupBy": "Log", "scope": "global", "complex": true, "dependencies": ["server"], "enabledRequired": false }, "log.fortiguard.override-setting": { "path": "log.fortiguard", "name": "override-setting", "groupBy": "Log", "scope": "vdom", "complex": true, "dependencies": ["server"], "enabledRequired": true }, "log.syslogd.setting": { "path": "log.syslogd", "name": "setting", "groupBy": "Log", "scope": "global", "complex": true, "dependencies": ["server"], "enabledRequired": false }, "log.syslogd.override-setting": { "path": "log.syslogd", "name": "override-setting", "groupBy": "Log", "scope": "vdom", "complex": true, "dependencies": ["server"], "enabledRequired": true }, "user.ldap": { "path": "user", "name": "ldap", "groupBy": "ldap", "scope": "vdom", "complex": false, "dependencies": ["server"], "enabledRequired": false }, "user.radius": { "path": "user", "name": "radius", "groupBy": "radius", "scope": "vdom", "complex": false, "dependencies": ["server"], "enabledRequired": false }, "user.tacacs+": { "path": "user", "name": "tacacs+", "groupBy": "tacacs", "scope": "vdom", "complex": false, "dependencies": ["server"], "enabledRequired": false } }