I'm configuring internet inbound rules for Azure vWAN SLB using FortiManager 7.4.6 and FortiGate NVA 7.4.7.
I am having the error on this step: https://docs.fortinet.com/document/fortigate-public-cloud/7.4.0/azure-vwan-sd-wan-ngfw-deployment-gu...
Tried IP, full resource ID, and exact name. Any help is appreciated!
Error log:
Starting log (Run on device)
Start installing
forti-ngfw-fyalsqc3w~000 config azure vwan-slb
forti-ngfw-fyalsqc3w~000 (vwan-slb) config permanent-security-rules
forti-ngfw-fyalsqc3w~000 (permanent-securi~les) set status enable
forti-ngfw-fyalsqc3w~000 (permanent-securi~les) config rules
forti-ngfw-fyalsqc3w~000 (rules) edit "test"
forti-ngfw-fyalsqc3w~000 (test) set source-address-prefix "*"
forti-ngfw-fyalsqc3w~000 (test) set destination-port-ranges "443"
forti-ngfw-fyalsqc3w~000 (test) set applies-on "forti-slb-pip"
invalid ingress public IP: forti-slb-pip
acceptable public IP name:
Command fail. Return code -9999
forti-ngfw-fyalsqc3w~000 (test) next
Attribute 'applies-on' MUST be set.
Command fail. Return code 1
forti-ngfw-fyalsqc3w~000 (rules) end
forti-ngfw-fyalsqc3w~000 (permanent-securi~les) end
forti-ngfw-fyalsqc3w~000 (vwan-slb) end
---> generating verification report
( azure vwan-slb permanent-security-rules rules )
add entry "test"
(global: azure vwan-slb permanent-security-rules rules "test":source-address-prefix)
remote original:
to be installed: "*"
(global: azure vwan-slb permanent-security-rules rules "test":destination-port-ranges)
remote original:
to be installed: "443"
(global: azure vwan-slb permanent-security-rules rules "test":applies-on)
remote original:
to be installed: "forti-slb-pip"
<--- done generating verification report
------- Start to retry --------
forti-ngfw-fyalsqc3w~000 config azure vwan-slb
forti-ngfw-fyalsqc3w~000 (vwan-slb) config permanent-security-rules
forti-ngfw-fyalsqc3w~000 (permanent-securi~les) config rules
forti-ngfw-fyalsqc3w~000 (rules) edit "test"
forti-ngfw-fyalsqc3w~000 (test) set source-address-prefix "*"
forti-ngfw-fyalsqc3w~000 (test) set destination-port-ranges "443"
forti-ngfw-fyalsqc3w~000 (test) set applies-on "forti-slb-pip"
invalid ingress public IP: forti-slb-pip
acceptable public IP name:
Command fail. Return code -9999
forti-ngfw-fyalsqc3w~000 (test) next
Attribute 'applies-on' MUST be set.
Command fail. Return code 1
forti-ngfw-fyalsqc3w~000 (rules) end
forti-ngfw-fyalsqc3w~000 (permanent-securi~les) end
forti-ngfw-fyalsqc3w~000 (vwan-slb) end
---> generating verification report
( azure vwan-slb permanent-security-rules rules )
add entry "test"
(global: azure vwan-slb permanent-security-rules rules "test":source-address-prefix)
remote original:
to be installed: "*"
(global: azure vwan-slb permanent-security-rules rules "test":destination-port-ranges)
remote original:
to be installed: "443"
(global: azure vwan-slb permanent-security-rules rules "test":applies-on)
remote original:
to be installed: "forti-slb-pip"
<--- done generating verification report
install failed
1 Solution
