Skip to main content
riverstech
riverstech
New Member
June 14, 2019
Solved

Testing Virtual IP

  • June 14, 2019
  • 1 reply
  • 5444 views

I'm trying to test a VIP on a Fortigate 310B v.5.2.2 but I am getting "A duplicate Entry Already Exists" I don't even want to apply the VIP to a policy at the moment I just want the VIP in place to make an IP change. Is there a way to crate a VIP when there is a duplicate external IP?

 

Thanks

 

Best answer by rwpatterson

Use 0.0.0.0 on the outside interface. Usually though a duplicate IP means the target address/port has already been assigned. Even as a test, if prod is pointing to that same device you will get that error when trying to set up an additional virtual IP.

1 reply

rwpatterson
rwpattersonAnswer
New Member
June 14, 2019

Use 0.0.0.0 on the outside interface. Usually though a duplicate IP means the target address/port has already been assigned. Even as a test, if prod is pointing to that same device you will get that error when trying to set up an additional virtual IP.

riverstech
riverstechAuthor
New Member
June 14, 2019

Makes sense at least I will have most of it in place.

Thanks!

ede_pfau
SuperUser
ede_pfau
SuperUser
June 14, 2019

One word of caution:

be aware that a VIP is an active object. As soon as you create it, it will interact with your network.

In the answer given, '0.0.0.0' stands for a wildcard. It's usually used on a WAN port if that port has a dynamic address (DHCP, PPPoE). Nonetheless, the VIP will react to traffic on the current WAN port right after creating it. Whether or that is infringing with the FGT's operation is up to you.

 

A better way to prepare VIPs in advance:

- create one 'dummy' VIP if you have none already

- in CLI, copy the lines in the section "config firewall vip" up to "end"

- in a text editor, set up all VIP you will need

- you may even include "delete VIP_I_dont_need_anymore" or even "purge"

- when the time has come to install them, run this file as a batch command (System > Advanced)

 

I often use this "offline" method to prepare multiple similar objects, by copying.

Terms & ConditionsAccessibility statement