Fortinet black logo

New Features

Summarize source IP usage on the Local Out Routing page

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:286784
Download PDF

Summarize source IP usage on the Local Out Routing page

The Local Out Routing page consolidates features where a source IP and an outgoing interface attribute can be configured to route local-out traffic. The outgoing interface has a choice of Auto, SD-WAN, or Specify to allow granular control over the interface in which to route the local-out traffic. Local Out Routing must be enabled from System > Feature Visibility, and it supports multi-VDOM mode.

When VDOMs are enabled, the following entries are available in global view on the Network > Local Out Routing page.

When VDOMs are enabled, the following entries are available in VDOM view on the Network > Local Out Routing page.

If a service is disabled, it is grayed out. To enable it, select the service and click Enable Service. If a service is enabled, there is a Local Out Setting button in the gutter of that service's edit page to directly configure the local-out settings.

A new static REST API shows the existing local-out routing tables.

Examples

To configure DNS local-out routing:
  1. Go to Network > Local Out Routing and double-click System DNS.
  2. For Outgoing interface, select one of the following:

    Auto

    Select the outgoing interface automatically based on the routing table.

    SD-WAN

    Select the outgoing interface using the configured SD-WAN interfaces and rules.

    Specify

    Select the outgoing interface from the dropdown.

  3. If Specify is selected, select a setting for Source IP:

    Use Interface IP

    Use the primary IP, which cannot be configured by the user.

    Manually

    Selected an IP from the list, if the selected interface has multiple IPs configured.

  4. Click OK.
To edit local-out settings from a RADIUS server entry:
  1. Go to User & Authentication > RADIUS Servers and double-click an entry to edit it.
  2. Click Local Out Setting.

    The Edit Local Out Setting pane opens.

  3. Configure the settings for Outgoing interface and Source IP.

  4. Click OK.

api/v2/static/local_out_policy_source_metadata.json

{
    "system.dns": {
        "path": "system",
        "name": "dns",
        "groupBy": "system",
        "scope": "global",
        "complex": true,
        "dependencies": ["primary", "secondary"],
        "enabledRequired": false
    },
    "system.fortiguard": {
        "path": "system",
        "name": "fortiguard",
        "groupBy": "system",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "system.external-resource": {
        "path": "system",
        "name": "external-resource",
        "groupBy": "external resource",
        "scope": "global",
        "complex": false,
        "dependencies": [],
        "enabledRequired": false
    },
    "system.fortisandbox": {
        "path": "system",
        "name": "fortisandbox",
        "groupBy": "system",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "log.fortianalyzer.setting": {
        "path": "log.fortianalyzer",
        "name": "setting",
        "groupBy": "Log",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "log.fortianalyzer.override-setting": {
        "path": "log.fortianalyzer",
        "name": "override-setting",
        "groupBy": "Log",
        "scope": "vdom",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": true
    },
    "log.fortianalyzer-cloud.setting": {
        "path": "log.fortianalyzer-cloud",
        "name": "setting",
        "groupBy": "Log",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "log.fortianalyzer-cloud.override-setting": {
        "path": "log.fortianalyzer-cloud",
        "name": "override-setting",
        "groupBy": "Log",
        "scope": "vdom",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": true
    },
    "log.fortiguard.setting": {
        "path": "log.fortiguard",
        "name": "setting",
        "groupBy": "Log",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "log.fortiguard.override-setting": {
        "path": "log.fortiguard",
        "name": "override-setting",
        "groupBy": "Log",
        "scope": "vdom",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": true
    },
    "log.syslogd.setting": {
        "path": "log.syslogd",
        "name": "setting",
        "groupBy": "Log",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "log.syslogd.override-setting": {
        "path": "log.syslogd",
        "name": "override-setting",
        "groupBy": "Log",
        "scope": "vdom",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": true
    },
    "user.ldap": {
        "path": "user",
        "name": "ldap",
        "groupBy": "ldap",
        "scope": "vdom",
        "complex": false,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "user.radius": {
        "path": "user",
        "name": "radius",
        "groupBy": "radius",
        "scope": "vdom",
        "complex": false,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "user.tacacs+": {
        "path": "user",
        "name": "tacacs+",
        "groupBy": "tacacs",
        "scope": "vdom",
        "complex": false,
        "dependencies": ["server"],
        "enabledRequired": false
    }
} 

Summarize source IP usage on the Local Out Routing page

The Local Out Routing page consolidates features where a source IP and an outgoing interface attribute can be configured to route local-out traffic. The outgoing interface has a choice of Auto, SD-WAN, or Specify to allow granular control over the interface in which to route the local-out traffic. Local Out Routing must be enabled from System > Feature Visibility, and it supports multi-VDOM mode.

When VDOMs are enabled, the following entries are available in global view on the Network > Local Out Routing page.

When VDOMs are enabled, the following entries are available in VDOM view on the Network > Local Out Routing page.

If a service is disabled, it is grayed out. To enable it, select the service and click Enable Service. If a service is enabled, there is a Local Out Setting button in the gutter of that service's edit page to directly configure the local-out settings.

A new static REST API shows the existing local-out routing tables.

Examples

To configure DNS local-out routing:
  1. Go to Network > Local Out Routing and double-click System DNS.
  2. For Outgoing interface, select one of the following:

    Auto

    Select the outgoing interface automatically based on the routing table.

    SD-WAN

    Select the outgoing interface using the configured SD-WAN interfaces and rules.

    Specify

    Select the outgoing interface from the dropdown.

  3. If Specify is selected, select a setting for Source IP:

    Use Interface IP

    Use the primary IP, which cannot be configured by the user.

    Manually

    Selected an IP from the list, if the selected interface has multiple IPs configured.

  4. Click OK.
To edit local-out settings from a RADIUS server entry:
  1. Go to User & Authentication > RADIUS Servers and double-click an entry to edit it.
  2. Click Local Out Setting.

    The Edit Local Out Setting pane opens.

  3. Configure the settings for Outgoing interface and Source IP.

  4. Click OK.

api/v2/static/local_out_policy_source_metadata.json

{
    "system.dns": {
        "path": "system",
        "name": "dns",
        "groupBy": "system",
        "scope": "global",
        "complex": true,
        "dependencies": ["primary", "secondary"],
        "enabledRequired": false
    },
    "system.fortiguard": {
        "path": "system",
        "name": "fortiguard",
        "groupBy": "system",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "system.external-resource": {
        "path": "system",
        "name": "external-resource",
        "groupBy": "external resource",
        "scope": "global",
        "complex": false,
        "dependencies": [],
        "enabledRequired": false
    },
    "system.fortisandbox": {
        "path": "system",
        "name": "fortisandbox",
        "groupBy": "system",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "log.fortianalyzer.setting": {
        "path": "log.fortianalyzer",
        "name": "setting",
        "groupBy": "Log",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "log.fortianalyzer.override-setting": {
        "path": "log.fortianalyzer",
        "name": "override-setting",
        "groupBy": "Log",
        "scope": "vdom",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": true
    },
    "log.fortianalyzer-cloud.setting": {
        "path": "log.fortianalyzer-cloud",
        "name": "setting",
        "groupBy": "Log",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "log.fortianalyzer-cloud.override-setting": {
        "path": "log.fortianalyzer-cloud",
        "name": "override-setting",
        "groupBy": "Log",
        "scope": "vdom",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": true
    },
    "log.fortiguard.setting": {
        "path": "log.fortiguard",
        "name": "setting",
        "groupBy": "Log",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "log.fortiguard.override-setting": {
        "path": "log.fortiguard",
        "name": "override-setting",
        "groupBy": "Log",
        "scope": "vdom",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": true
    },
    "log.syslogd.setting": {
        "path": "log.syslogd",
        "name": "setting",
        "groupBy": "Log",
        "scope": "global",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "log.syslogd.override-setting": {
        "path": "log.syslogd",
        "name": "override-setting",
        "groupBy": "Log",
        "scope": "vdom",
        "complex": true,
        "dependencies": ["server"],
        "enabledRequired": true
    },
    "user.ldap": {
        "path": "user",
        "name": "ldap",
        "groupBy": "ldap",
        "scope": "vdom",
        "complex": false,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "user.radius": {
        "path": "user",
        "name": "radius",
        "groupBy": "radius",
        "scope": "vdom",
        "complex": false,
        "dependencies": ["server"],
        "enabledRequired": false
    },
    "user.tacacs+": {
        "path": "user",
        "name": "tacacs+",
        "groupBy": "tacacs",
        "scope": "vdom",
        "complex": false,
        "dependencies": ["server"],
        "enabledRequired": false
    }
}