Local out traffic

Local out, or self-originating, traffic is traffic that originates from the FortiGate going to external servers and services. The traffic can be from Syslog, FortiAnalyzer logging, FortiGuard services, remote authentication, and others.

By default, local out traffic relies on routing table lookups to determine the egress interface that is used to initiate the connection. However, many types of local out traffic support selecting the egress interface based on SD-WAN or manually specified interfaces. When manually specifying the egress interface, the source IP address can also be manually configured.

Go to Network > Local Out Routing to configure the available types of local out traffic. Some types of traffic can only be configured in the CLI.


By default Local Out Routing is not visible in the GUI. Go to System > Feature Visibility to enable it. See Feature visibility for more information.

When VDOMs are enabled, the following entries are available on the local out routing page: