Description
This article explains the correct practices to use when configuring the external interface of a virtual server with DHCP addressing mode enabled.
Scope
FortiGate.
Solution
The following options must be configured to create a new virtual server:
- Virtual Server Type.
- Load Balancing Methods.
- Health check monitoring (optional).
- Session persistence (optional).
- Virtual Server IP (External IP Address).
- Virtual Server Port (External Port).
- Real Servers (Mapped IP Address & Port).
This article focuses on the Virtual Server IP (external IP address). The WAN interface will be used as an example.
When the server has a static WAN IP (the addressing mode on the WAN interface is set to 'static' mode), the assigned IP can be used directly as the external IP address while configuring the virtual server.
However, when the WAN interface is set to 'DHCP' mode and learns the IP dynamically, it's necessary to use 0.0.0.0 as the Virtual Server IP (external IP address) when configuring the virtual server.
This also applies when configuring a VIP object: when using DHCP addressing mode on an external interface, always configure the VIP external interface IP to be 0.0.0.0.
Note:
If 'any' interface is selected, 0.0.0.0 will not be allowed and GUI will show an error indicating 'IP must not be zero'.
Port forwarding must be used in case of multiple VIPs to avoid conflict.
