Local out traffic

Local out, or self-originating, traffic is traffic that originates from the FortiGate going to external servers and services. The traffic can be from Syslog, FortiAnalyzer logging, FortiGuard services, remote authentication, and others.

By default, local out traffic relies on routing table lookups to determine the egress interface that is used to initiate the connection. However, many types of local out traffic support selecting the egress interface based on SD-WAN or manually specified interfaces. When manually specifying the egress interface, the source IP address can also be manually configured.

Go to Network > Local Out Routing to configure the available types of local out traffic. Some types of traffic can only be configured in the CLI.

Note

By default, Local Out Routing is not visible in the GUI. Go to System > Feature Visibility to enable it. See Feature visibility for more information.

When VDOMs are enabled, the following entries are available on the local out routing page:

Global view

  External Resources
    AWS_IP_Blacklist
    AWS_Malware_Hash
  Log
    Log FortiAnalyzer Setting
    Log FortiAnalyzer Cloud Setting
    FortiGate Cloud Log Settings
    Log Syslogd Setting
  System
    System DNS
    System FortiGuard
    System FortiSandbox

VDOM view

  LDAP Servers
    ldap
  Log
    Log FortiAnalyzer Override Settings
    Log Syslogd Override Settings
  RADIUS Servers
    fac_radius_server
  TACACS+
    TACACS

If a service is disabled, it is grayed out. To enable it, select the service and click Enable Service. If a service is enabled, there is a Local Out Setting button in the gutter of that service's edit page to directly configure the local-out settings.
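
To review how the services listed above select their egress, the following added example (not part of the Fortinet documentation) parses a FortiOS configuration backup and lists the local-out objects whose egress is still left to routing table lookups. The CLI keywords interface-select-method, interface and source-ip, the auto default, and the sample configuration are assumptions not shown on this page; the parser assumes a backup without VDOM wrappers or multi-line quoted values.

```python
# Sections that emit local-out traffic (subset of the entries listed on this page).
# Keyword names and the "auto" default are assumed FortiOS CLI values, not from the page.
LOCAL_OUT = {"system dns", "system fortiguard", "log syslogd setting",
             "log fortianalyzer setting", "user radius", "user ldap", "user tacacs+"}
DEFAULTS = {"interface-select-method": "auto", "interface": "", "source-ip": ""}

def audit_local_out(config_text):
    """Map each local-out object in a config backup to its egress settings."""
    results, stack = {}, []              # stack: names of open config/edit blocks
    for raw in config_text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        value = " ".join(tok[1:]).strip('"')
        if tok[0] in ("config", "edit"):
            stack.append(value)
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and len(stack) in (1, 2) and stack[0] in LOCAL_OUT:
            entry = results.setdefault(" / ".join(stack), dict(DEFAULTS))
            if len(tok) > 2 and tok[1] in entry:
                entry[tok[1]] = " ".join(tok[2:]).strip('"')
    return results

def follows_routing_table(results):
    """Objects left on 'auto', whose egress comes from the routing table lookup."""
    return sorted(k for k, v in results.items()
                  if v["interface-select-method"] == "auto")

# Constructed sample backup (documentation addresses, not from a real device).
SAMPLE = """\
config system dns
    set interface-select-method specify
    set interface "wan1"
    set source-ip 192.0.2.10
end
config log syslogd setting
    set server "198.51.100.20"
end
config user radius
    edit "fac_radius_server"
        set server "198.51.100.30"
        set interface-select-method sdwan
    next
end
"""

if __name__ == "__main__":
    print(follows_routing_table(audit_local_out(SAMPLE)))
```

On the sample, only the syslog setting is reported, because it carries no explicit interface selection.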

Examples

To configure DNS local-out routing:
  1. Go to Network > Local Out Routing and double-click System DNS.

  2. For Outgoing interface, select one of the following:

    Auto