Created on 09-08-2024 11:18 PM Edited on 09-08-2024 11:19 PM By Anthony_E
Description: This article discusses FortiGate-VM probe traffic behavior when VIP is enabled.
Scope: FortiGate-VM.
Solution:
When the FortiGate-VM probe is enabled on an Azure or AWS load balancer, the load balancer sends a probe to a TCP/UDP port to verify that the VM is up and running.
If a VIP is enabled on the probe interface, the probe traffic is sent to the VIP and is denied if there is no policy or no response.
To avoid this, specify port forwarding or a service in the VIP object as below. For example, the port1 interface has probe traffic enabled with the following VIP:
config firewall VIP
To allow the probe traffic, enable the service or port forwarding as below:
config firewall VIP end
Or:
config firewall VIP
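The difference between an unrestricted VIP and the two restricted forms described above, as an added illustration that is not the configuration from the original article. The VIP name, IP addresses, port 443 and the HTTPS service are constructed sample values, and the forwarded port or service is assumed to differ from the load balancer probe port.

```fortios
# Constructed sample values. The three definitions are alternatives:
# apply only one of them.

# Before: no port forwarding and no service, so the VIP covers every
# port on port1 and the load balancer probe is sent to the VIP.
config firewall vip
    edit "vip-web"
        set extip 10.0.1.4
        set mappedip "10.0.2.10"
        set extintf "port1"
    next
end

# Option 1: port forwarding restricts the VIP to TCP 443, so a probe
# to any other port is no longer handled by the VIP.
config firewall vip
    edit "vip-web"
        set extip 10.0.1.4
        set mappedip "10.0.2.10"
        set extintf "port1"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

# Option 2: a service filter restricts the VIP to the HTTPS service.
config firewall vip
    edit "vip-web"
        set extip 10.0.1.4
        set mappedip "10.0.2.10"
        set extintf "port1"
        set service "HTTPS"
    next
end
```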