Skip to main content
rb400
rb400
New Member
March 26, 2015
Question

Assign VIP to a Zone ?

  • March 26, 2015
  • 3 replies
  • 7882 views

Any specific (URL) literature (or forum dialogue) suggestions as to assigning a VIP to an external interface ZONE?

 

Our zone contains multiple public facing interfaces that will support bgp.

    3 replies

    Iescudero
    Iescudero
    New Member
    March 26, 2015

    Hi! i think this cannot be performed, as a "Zone" is just for maintain same policy to different physical interfaces. But, you can assign your VIP to "any" interface and then applied to a Policy, that has incoming/outcoming interface as a Zone

     

    rb400
    rb400Author
    New Member
    March 26, 2015

    escudero wrote:

    Hi! i think this cannot be performed, as a "Zone" is just for maintain same policy to different physical interfaces. But, you can assign your VIP to "any" interface and then applied to a Policy, that has incoming/outcoming interface as a Zone

     

    I need the identical VIP assigned to multiple interfaces (hence the ZONE idea).

     

    GUI change gives me a "A duplicate entry already exists."  error

    b_row
    b_row
    New Member
    March 26, 2015

    Hello,

    In this case I suggest you register a VIP for each interface are able to aggregate in a VIP group or not, and register the rules of its purpose. In which case the zone will only make the organization the VIP registration in the rules.

     

    Hope this helps.

    rb400
    rb400Author
    New Member
    March 26, 2015

    BdA.lRS wrote:

     

    In which case the zone will only make the organization the VIP registration in the rules.

    How do I assign the same IP to both interfaces?

     

    Scenario:

    Client1(trying to access 2.2.2.2) ====>ISP1(bgp)===> FGT(bgp)port1(VIP-2.2.2.2)===>FGT(NAT-10.10.10.10)

    Client2(trying to access 2.2.2.2) ====>ISP2(bgp)===>FGT(bgp)port2(VIP-2.2.2.2)===>FGT(NAT-10.10.10.10)

     

    My FGT does not allow the above setup or am I missing a step?

    b_row
    b_row
    New Member
    March 26, 2015

    Hello I see your configuration as follows. Whereas port1 and port2 IP address of different subnet. Client1 (trying to access 2.2.2.2) ====> ISP1 (BGP) ===> FGT (BGP) port1 (VIP-2.2.2.2) ===> FGT (NAT-10.10.10.10) Client2 (trying to access 2.2.2.2) ====> ISP2 (BGP) ===> FGT (BGP) port2 (3.3.3.3) ===> FGT (BGP) port1 (VIP-2.2.2.2) == FGT(NAT-10.10.10.10) ">=> FGT (NAT-10.10.10.10) I believe the same IP you can not configure.

     

    Hope this helps

    Terms & ConditionsAccessibility statement