akushwaha
Staff
Article Id 329948
Description This article describes the case when a VIP Object is not appearing in Destination while creating a Firewall Policy.
Scope FortiGate.
Solution

While creating a firewall policy, the VIP is not visible in the Destination field even though it is configured.

notshowing.png

This is because the VIP might be associated with a particular interface. In that case it is visible only in policies whose source interface is the same as the VIP's associated interface.

Verify the associated interface of the VIP in the GUI.

In the example below, the VIP is associated with port5, so it is visible only in policies that have port5 as the source interface.

port5.png

When the source interface of the firewall policy is port5, the VIP can be added to the policy:

policy-port5.png

To add the VIP to other policies, change the interface of the VIP to any; after that, it will be visible.

ANY-2.png

The same can be verified through the CLI.

 

config firewall vip
    edit "VIP-Profile"
        set uuid c9ee930a-c688-51ef-38e4-11505dcf36df
        set extip 172.16.1.10
        set mappedip "10.1.1.1"
        set extintf "port5"  <-- port5 is bound.
    next
end

 

To change the interface binding, run the commands below.

config firewall vip
    edit VIP-Profile
        set extintf any
    next
end

 

Note: Before changing the interface to any, make sure that there are no references to the VIP.
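
To check the bindings of many VIPs at once, the rule described above can be applied to a saved configuration file. The following is an added example, not part of the original article or a Fortinet tool; the function names and the second VIP (VIP-Web) are hypothetical, and it assumes the configuration is available as plain text in the CLI syntax shown above.

```python
import shlex

# Constructed sample in FortiOS backup syntax. VIP-Profile reuses the article's
# values; VIP-Web and its addresses are made up for the example.
SAMPLE_CONFIG = '''\
config firewall vip
    edit "VIP-Profile"
        set extip 172.16.1.10
        set mappedip "10.1.1.1"
        set extintf "port5"
    next
    edit "VIP-Web"
        set extip 172.16.1.20
        set mappedip "10.1.1.2"
        set extintf "any"
    next
end
'''

def parse_vip_bindings(config_text):
    """Return {vip_name: extintf} for the top-level 'config firewall vip' section."""
    bindings, depth, in_vip, name = {}, 0, False, None
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:          # unbalanced quote, e.g. a multi-line value
            tok = raw.split()
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1              # nested blocks (e.g. realservers) raise depth
            if depth == 1:
                in_vip = tok[1:] == ["firewall", "vip"]
        elif tok[0] == "end":
            depth = max(depth - 1, 0)
            in_vip = in_vip and depth > 0
        elif in_vip and depth == 1 and tok[0] == "edit" and len(tok) > 1:
            name = tok[1]
            bindings[name] = None   # stays None if no extintf line is present
        elif in_vip and depth == 1 and name and tok[:2] == ["set", "extintf"] and len(tok) > 2:
            bindings[name] = tok[2]
    return bindings

def selectable_vips(config_text, srcintf):
    """VIPs selectable as Destination in a policy with this source interface."""
    return sorted(n for n, intf in parse_vip_bindings(config_text).items()
                  if intf in ("any", srcintf))
```

A VIP that is missing from the result for a given source interface is bound to a different interface, which is the situation this article describes.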