VIP with Interface set to "any" and source IP specified always translating

Forum|Forum|8 years ago
April 9, 2018
1 reply
6268 views

Hello,

I have configured a VIP with interface "any" and added optional filters, having source IP address specified. The translations occures all the time, even if the traffic is not coming from the specified source. I'm running FortiOS 5.6.3. In my view this is not a correct behavior. Does anybody else have the same issue?

Thank you guys already for your support.

CHgeek

Nicholas_Doropoulos

New Member

Hi,

It is actually normal behaviour because by default, firewall policies will not match VIP if the latter is not enabled on them. As such, on the CLI, do the following:

config firewall policy

edit [policy that VIP has been configured as the destination on]

set match-vip enable

end

I hope that helps.

citromkolbasz

New Member

Yes, I have same problem with 7.0. Have you found solution? Interface "any" is necessary for me because I want to use it for multiple interfaces.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded