FortiGate
jiyong
Staff
Article Id 338620
Description

This article describes how to resolve the case where multiple VIPs cannot be configured with the same external IP.

Scope

 

FortiGate v7.0.

 

Solution

 

Before v7.2:

The goal is to configure the same external IP (VIP) address to be mapped to different internal IPs. However, creating a second VIP with the same external IP address fails with 'External IP Overlapped', because the overlap check for VIPs is in place until v7.2.

Example 1:

config firewall vip
    edit "test-vip-1"
        set extip 10.1.100.100
        set mappedip "172.16.200.156"
        set extintf "port24"
    next
    edit "test-vip-2"
        set extip 10.1.100.100
        set mappedip "172.16.200.156"
        set extintf "port24"
        set src-filter 10.1.100.1
    next
end


Example 2:

config firewall vip
    edit "test-vip-3"
        set extip 172.16.10.240
        set mappedip "192.168.10.10"
        set extintf "port24"
    next
    edit "test-vip-4"
        set extip 172.16.10.240
        set mappedip "192.168.10.150"
        set extintf "port24"
        set src-filter 172.16.10.150
    next
end


On older firmware (before v7.2), this is expected.
* Services or port forwarding are available in that version (before v7.2).

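
A configuration audit for the condition described above, as an added example (not Fortinet's code): it parses a `config firewall vip` block and lists VIP pairs whose external IPs intersect on the same interface, which is the situation both examples create. The function names are hypothetical, and the matching rule is a simplified assumption about the firmware's overlap check: it ignores port forwarding and treats an unset extintf as "any".

```python
import re
from collections import defaultdict
from ipaddress import IPv4Address

# Constructed sample input: Example 2 from this article.
SAMPLE = '''
config firewall vip
    edit "test-vip-3"
        set extip 172.16.10.240
        set mappedip "192.168.10.10"
        set extintf "port24"
    next
    edit "test-vip-4"
        set extip 172.16.10.240
        set mappedip "192.168.10.150"
        set extintf "port24"
        set src-filter 172.16.10.150
    next
end
'''

def parse_vips(text):
    """Return {vip_name: {setting: value}} from a 'config firewall vip' block."""
    vips, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r'edit\s+"?([^"]+)"?$', line):
            current = vips.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r'set\s+(\S+)\s+(.+)$', line)):
            current[m.group(1)] = m.group(2).strip('"')
    return vips

def ext_range(extip):
    """Turn 'a.b.c.d' or 'a.b.c.d-e.f.g.h' into an inclusive (low, high) pair."""
    low, _, high = extip.partition("-")
    return int(IPv4Address(low)), int(IPv4Address(high or low))

def overlapping_vips(text):
    """List (name_a, name_b) pairs whose external ranges intersect on one interface."""
    by_intf = defaultdict(list)
    for name, cfg in parse_vips(text).items():
        if "extip" in cfg:  # assumption: an unset extintf is grouped as "any"
            by_intf[cfg.get("extintf", "any")].append((name, ext_range(cfg["extip"])))
    return [(a, b) for entries in by_intf.values()
            for i, (a, (alo, ahi)) in enumerate(entries)
            for b, (blo, bhi) in entries[i + 1:]
            if alo <= bhi and blo <= ahi]
```

Running `overlapping_vips` over a saved configuration before an upgrade to v7.2 shows which VIPs share an external IP, so the src-filter on each can be reviewed for which internal host a given source reaches.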

After v7.2:

To use the same external IP as in the examples above, the FortiGate needs a firmware upgrade to v7.2.0 (new feature). See 'Remove overlap check for VIPs' for more information.
