Get external public IP from command line in Fortinet


Solution 1

There is a trick to do it. It requires access to an SSH server available from the internet, preferably a Linux machine. Simply log in to the server via SSH from the FortiOS CLI:

execute ssh user@sshserverip.

After logging in, drop off by typing exit and then log in again. You should then see a line saying:

Last login: date & time from: X.X.X.X.

X.X.X.X is your public address, from when you logged in the first time as described above.

The line "Last login:" is displayed by default unless it is deleted from the SSH daemon config.

In case the server displays a DNS entry instead of the IP address, simply resolve it by typing nslookup dnsentry
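As an added example (not part of the original answer), the same information can be read on the Linux SSH server during the first login, because OpenSSH's sshd exports `SSH_CONNECTION` with the client address it saw. The function names, the sample banner line and the documentation-range addresses are constructed for illustration; the sketch also classifies the source as IP or hostname, which covers the DNS-entry case above.

```shell
#!/bin/sh
# Added example: run on the Linux SSH server after "execute ssh" from FortiOS.
# All function names are hypothetical; sample values are constructed.

# sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port".
# The first field is the address the server saw, i.e. the post-NAT public IP.
client_from_ssh_connection() {
    set -- $1                      # split the value on whitespace
    [ $# -eq 4 ] || return 1       # reject empty or malformed input
    printf '%s\n' "$1"
}

# Extract the source from a "Last login: ... from <source>" banner line.
# Returns 1 when there is no "from" field (for example a console login).
source_from_last_login() {
    case $1 in
        "Last login:"*" from "*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "${1##* from }"
}

# Tell an IP literal from a hostname, since sshd may log a DNS name
# that still has to be resolved with nslookup.
classify_source() {
    case $1 in
        '')        return 1 ;;
        *:*)       echo ipv6 ;;
        *[!0-9.]*) echo hostname ;;
        *.*.*.*)   echo ipv4 ;;
        *)         echo hostname ;;
    esac
}

# When run inside an SSH session, report the address of this very login.
if [ -n "${SSH_CONNECTION:-}" ]; then
    src=$(client_from_ssh_connection "$SSH_CONNECTION") &&
        echo "This session comes from: $src ($(classify_source "$src"))"
fi
```
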

Solution 2

Try "diagnose system waninfo ipify", it will show you the public facing IP address, GeoIP information and if you're on FortiGuard's blacklist. It also takes a source IP address as optional argument, if you have multiple internet lines. (tested on FortiOS 6.2)

Solution 3

I got here because I was wondering the same thing. Sure, you can just plug a PC into the internal port with a crossover cable, but I thought there had to be another way to get it.

So the solution was to have a computer on the external side of the FortiGate with Wireshark installed. Then in the FortiGate command line, you

execute ping "computer IP address"

while the computer is running Wireshark with the "icmp" display filter.

Now you should get the ping requests from the FortiGate with its external IP address.

Author by

aseques

Updated on September 18, 2022

Comments

  • aseques
    aseques over 1 year

    Is there any way to know the public IP address of a Fortinet? There are many services such as icanhazip.com that tell you the current IP. In Linux, I would just run:

    curl http://icanhazip.com
    

    How could that be done with Fortinet? (I am using a FortiGate 200B in case it's noteworthy)

    Some cases come to my mind:

    • I want to know the default GW I am using in a fast way
    • My DSL router is NATing, so I don't know directly the public IP address
    • Or IPs assigned as DHCP/PPPoE (as stated by @mbrownnyc)

    Since it doesn't seem possible to use any form of curl/wget from the command line, another option would be to use nslookup (still not sure if it's a valid FortiGate command or only for some forti* products). See here for what I mean getting external IP

    • mbrownnyc
      mbrownnyc almost 10 years
      Do you want to grab the IP address of an interface that has an IP assigned via PPPoE or DHCP?
  • aseques
    aseques over 9 years
    The traceroute might be a good option to find the default gw, at least you will know the wan interface, see on the original post another idea I had..
  • mbrownnyc
    mbrownnyc over 9 years
    take a look at execute in the docs to learn how to use nslookup. I had no idea about nslookup myip.opendns.com resolver1.opendns.com. That's great! Thanks.
  • aseques
    aseques over 8 years
    Doesn't do all the features I need, it shows the interfaces ips, but doesn't hint the default gw, and doesn't work when behind a NAT device.
  • Hvisage
    Hvisage about 5 years
    not all DSL/cable/etc. ISPs have proper forward IPs for their reverse IPs on these dynamic IP systems;(
  • aseques
    aseques about 4 years
    In what version are you seeing this feature? I'm on 5.6 and there's nothing like that in Network -> DNS
  • aseques
    aseques almost 3 years
    It doesn't work when you're behind a NAT
  • aseques
    aseques almost 3 years
    Nice solution, I still need an external ssh box but currently it's not a problem
  • Pierre Carrier
    Pierre Carrier about 2 years
    You can execute ssh ident.me and save a roundtrip. api.ident.me for docs.