amaroth
New Member
October 3, 2018
Question

FortiOS 5.6.5 match-vip command missing


Hi,

I wanted to apply set match-vip enable to a policy and it turns out FortiOS doesn't have such a command! When was it removed, and how can I now accomplish hairpin NAT?

This is what I get in the CLI:

# set match-vip enable
 
command parse error before 'match-vip'
Command fail. Return code -61

When I do set ? it doesn't even show match-vip as an argument.


    tanr
    New Member
    October 3, 2018

    It's still there in 5.6.6 (and I assume in 5.6.5 since it transferred my match-vip enable settings).

    Are you setting it from within the specific security policy? That's where you need to enable it.

    ddskier
    New Member
    October 4, 2018

    Example:

    config firewall policy
      edit 226
        set srcintf "Example-SourceInterface"
        set dstintf "Example-TargetInterface"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "SMTP"
        set comments "Hairpin NAT Fix"
        set match-vip enable
      next
    end