catalin_plotogea
New Member
May 6, 2016
Question

FortiGate unable to add loopback interface to zone

  • May 6, 2016
  • 1 reply
  • 14015 views

Hello,

 

We have a couple of FGT-300D devices running FortiOS v5.2.6,build711 GA and we are migrating configuration and policies to zones from interfaces (physical and VLANs). But I am unable to add loopback interfaces to a zone. The loopback interface is not referenced in any policies, but it is still not available to be added to a specific zone. Tried from GUI and CLI.

 

Does this OS have a bug regarding this issue, or is this a product design restriction?

 

Thank you!

1 reply

emnoc
New Member
May 6, 2016

I believe this is a limitation in FortiOS; multi-VDOM and non-multi-VDOM models running 5.2.x don't allow loopback-type interfaces to be in a zone definition.

 

You can open a case with FTNT support and see what they say.

 

ken

 

rwpatterson
New Member
May 6, 2016

Technically, a zone isn't an interface, it's a group of interfaces treated equally... Think of it like an address vs an address group in concept, not operation.

emnoc
New Member
May 6, 2016

Yeah, but you still can't install a "loopback" interface into a zone.

 

I'm only aware of the following supported interfaces for a zone concept:

 

  • tagged-802.1q
  • tunnel (gre/ipip/ipv6)
  • vpn-tunnel
  • physical
  • aggregate

     

I believe something has changed over the course of the last major release; IIRC loopback could be in a zone in the past. Someone correct me if this is not correct? I don't have anything pre-5.0.x to test, so I can't prove that theory.

Edit: add vdom-interlink to the supported interface types for the "zone" as well.

Ken