WilmerWubs
New Member
June 20, 2025
Solved

Azure vWAN SLB applies-on gives "invalid ingress public IP"

I'm configuring internet inbound rules for Azure vWAN SLB using FortiManager 7.4.6 and FortiGate NVA 7.4.7.

I am having the error on this step: https://docs.fortinet.com/document/fortigate-public-cloud/7.4.0/azure-vwan-sd-wan-ngfw-deployment-guide/182878/configuring-internet-inbound-dnat-policies-using-fortimanager

Tried IP, full resource ID, and exact name. Any help is appreciated!

Error log:

 

Starting log (Run on device)
 
 
Start installing
forti-ngfw-fyalsqc3w~000  config azure vwan-slb
forti-ngfw-fyalsqc3w~000 (vwan-slb)  config permanent-security-rules
forti-ngfw-fyalsqc3w~000 (permanent-securi~les)  set status enable
forti-ngfw-fyalsqc3w~000 (permanent-securi~les)  config rules
forti-ngfw-fyalsqc3w~000 (rules)  edit "test"
forti-ngfw-fyalsqc3w~000 (test)  set source-address-prefix "*"
forti-ngfw-fyalsqc3w~000 (test)  set destination-port-ranges "443"
forti-ngfw-fyalsqc3w~000 (test)  set applies-on "forti-slb-pip"
invalid ingress public IP: forti-slb-pip
acceptable public IP name: 
Command fail. Return code -9999
forti-ngfw-fyalsqc3w~000 (test)  next
Attribute 'applies-on' MUST be set.
Command fail. Return code 1
forti-ngfw-fyalsqc3w~000 (rules)  end
forti-ngfw-fyalsqc3w~000 (permanent-securi~les)  end
forti-ngfw-fyalsqc3w~000 (vwan-slb)  end
 
 
---> generating verification report
 ( azure vwan-slb permanent-security-rules rules )
add entry "test"
(global: azure vwan-slb permanent-security-rules rules "test":source-address-prefix)
remote original: 
to be installed: "*"
 
(global: azure vwan-slb permanent-security-rules rules "test":destination-port-ranges)
remote original: 
to be installed: "443"
 
(global: azure vwan-slb permanent-security-rules rules "test":applies-on)
remote original: 
to be installed: "forti-slb-pip"
 
<--- done generating verification report
 
 
 
------- Start to retry --------
 
forti-ngfw-fyalsqc3w~000  config azure vwan-slb
forti-ngfw-fyalsqc3w~000 (vwan-slb)  config permanent-security-rules
forti-ngfw-fyalsqc3w~000 (permanent-securi~les)  config rules
forti-ngfw-fyalsqc3w~000 (rules)  edit "test"
forti-ngfw-fyalsqc3w~000 (test)  set source-address-prefix "*"
forti-ngfw-fyalsqc3w~000 (test)  set destination-port-ranges "443"
forti-ngfw-fyalsqc3w~000 (test)  set applies-on "forti-slb-pip"
invalid ingress public IP: forti-slb-pip
acceptable public IP name: 
Command fail. Return code -9999
forti-ngfw-fyalsqc3w~000 (test)  next
Attribute 'applies-on' MUST be set.
Command fail. Return code 1
forti-ngfw-fyalsqc3w~000 (rules)  end
forti-ngfw-fyalsqc3w~000 (permanent-securi~les)  end
forti-ngfw-fyalsqc3w~000 (vwan-slb)  end
 
 
---> generating verification report
 ( azure vwan-slb permanent-security-rules rules )
add entry "test"
(global: azure vwan-slb permanent-security-rules rules "test":source-address-prefix)
remote original: 
to be installed: "*"
 
(global: azure vwan-slb permanent-security-rules rules "test":destination-port-ranges)
remote original: 
to be installed: "443"
 
(global: azure vwan-slb permanent-security-rules rules "test":applies-on)
remote original: 
to be installed: "forti-slb-pip"
 
<--- done generating verification report
 
 
install failed

1 reply

WilmerWubs (Author, Answer)
New Member
June 23, 2025

Solved: I think the solution was hybrid image instead of just ngfw. Works now as expected.