FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ekrishnan
Staff
Staff

Description

 

This article explains the correct practices to use when configuring the external interface of a virtual server with DHCP addressing mode enabled.

 

Scope

 

FortiGate.

 

Solution

 

The following options must be configured to create a new virtual server:

  • Virtual Server Type.
  • Load Balancing Methods.
  • Health check monitoring (optional).
  • Session persistence (optional).
  • Virtual Server IP (External IP Address).
  • Virtual Server Port (External Port).
  • Real Servers (Mapped IP Address & Port).

 

This article focuses on the Virtual Server IP (external IP address). The WAN interface will be used as an example.

 

When the server has a static WAN IP (the addressing mode on the WAN interface is set to 'static' mode), the assigned IP can be used directly as the external IP address while configuring the virtual server.

 

However, when the WAN interface is set to 'DHCP' mode and learns the IP dynamically, it's necessary to use 0.0.0.0 as the Virtual Server IP (external IP address) when configuring the virtual server.

 

This also applies when configuring a VIP object: when using DHCP addressing mode on an external interface, always configure the VIP external interface IP to be 0.0.0.0.

 

Contributors