Gypsy_Dave
New Member
May 30, 2023
Solved

FG30E VIP setup on interface VLAN of the WAN port

Hi everyone,

My ISP just changed my connection configuration and I now must use a VLAN to connect my fiber to them.

I've created the new VLAN interface off the WAN port interface and I can connect to my ISP now.

The problem is I have quite a few VIPs set up which use the WAN interface and not the VLAN interface. When I try and create a new VIP using the DHCP assigned IP (from ISP) of the VLAN interface I get a "duplicate error".

Is it possible to assign a VIP to a VLAN interface? Why is it detecting a duplicate? Does it not like that the VLAN interface has the ISP's DHCP IP now?

Regards,

1 reply

knagaraju
Staff
Answer
May 30, 2023

Hello Gypsy_Dave,

Yes. VIP will work on the VLAN interface.
Duplicate error in the case of VIP will only be seen if there is any existing VIP matching the new rule as duplicate.

Please share with me the output of these commands from the FortiGate CLI:
get system status
diagnose ip add list
get router info routing-table details

Regards
Nagaraju.
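
Added example, not part of the thread and not Fortinet code: a small Python check that parses `show firewall vip` output and lists the existing VIPs a new one would collide with. It assumes a collision means the same external IP and protocol with overlapping external ports, whatever the `extintf`; the thread does not state FortiOS's exact rule, and the sample config, VIP names and mapped hosts are constructed.

```python
# Assumed rule: VIPs collide when extip and protocol match and their external
# port ranges overlap, regardless of extintf. SAMPLE is constructed output.
SAMPLE = '''
config firewall vip
    edit "web-old"
        set extip 10.0.54.209
        set extintf "wan"
        set portforward enable
        set mappedip "192.168.10.20"
        set extport 443
    next
    edit "ssh-lab"
        set extip 10.0.54.209
        set extintf "wan"
        set portforward enable
        set mappedip "192.168.30.5"
        set extport 2200-2210
    next
end
'''

def parse_vips(text):  # one dict per edit/set/next block
    vips, cur = [], None
    for raw in text.splitlines():
        tok = raw.strip().split(None, 2)
        if len(tok) >= 2 and tok[0] == "edit":
            cur = {"name": raw.strip()[5:].strip('"')}
        elif len(tok) == 3 and tok[0] == "set" and cur is not None:
            cur[tok[1]] = tok[2].strip('"')
        elif tok[:1] == ["next"] and cur is not None:
            vips.append(cur)
            cur = None
    return vips

def port_range(vip):  # without port forwarding a VIP claims every port
    if vip.get("portforward") != "enable":
        return 0, 65535
    lo, _, hi = vip.get("extport", "0-65535").partition("-")
    return int(lo), int(hi or lo)

def conflicts(new, existing):  # names of existing VIPs that overlap `new`
    n_lo, n_hi = port_range(new)
    hits = []
    for vip in existing:
        lo, hi = port_range(vip)
        same_proto = vip.get("protocol", "tcp") == new.get("protocol", "tcp")
        if vip.get("extip") == new.get("extip") and same_proto and lo <= n_hi and n_lo <= hi:
            hits.append(vip["name"])
    return hits
```

Call `conflicts()` with a dict describing the planned VIP (for example `extip`, `extintf`, `portforward` and `extport`) and the list returned by `parse_vips()`; an empty list means nothing in the pasted config overlaps under the assumed rule.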



 

Gypsy_Dave
New Member
May 30, 2023

Thanks for the reply. OK, so the new VIP I am creating is using the DHCP assigned IP (NADUNET2) and using a completely different LAN IP to forward the ports to. Is that classed as a duplicate because it's using the DHCP assigned IP from the ISP?

FG-HOME # get system status
Version: FortiGate-30E v6.2.12,build1319,221102 (GA)
Virus-DB: 87.00770(2021-07-20 15:20)
Extended DB: 87.00770(2021-07-20 15:19)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 23.00557(2023-05-18 00:59)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FGT30EXXXXXXXXXXX
Botnet DB: 4.00515(2019-07-02 10:00)
BIOS version: 05000016
System Part-Number: PXXXXXXX
Log hard disk: Not available
Hostname: FG-HOME
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 5
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1319
Release Version Information: GA
System time: Tue May 30 14:35:00 2023

IP=192.168.10.1->192.168.10.1/255.255.255.0 index=5 devname=lan1
IP=192.168.30.1->192.168.30.1/255.255.255.0 index=6 devname=lan2
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=10 devname=root
IP=10.0.54.209->10.0.54.209/255.255.248.0 index=12 devname=NADUNET2
IP=192.168.1.1->192.168.1.1/255.255.255.0 index=13 devname=lan
IP=169.254.1.1->169.254.1.1/255.255.255.0 index=14 devname=fortilink
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=15 devname=vsys_ha
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=17 devname=vsys_fgfm

Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S*      0.0.0.0/0 [5/0] via 10.0.48.1, NADUNET2
C       10.0.48.0/21 is directly connected, NADUNET2
C       169.254.1.0/24 is directly connected, fortilink
C       192.168.1.0/24 is directly connected, lan
S       192.168.2.0/24 [15/0] via 192.168.1.101, lan
S       192.168.4.0/24 [10/0] via 192.168.30.2, lan2
C       192.168.10.0/24 is directly connected, lan1
C       192.168.30.0/24 is directly connected, lan2