FortiGate
SAJUDIYA
Staff
Article Id 247195
Description

This article describes the VIP overlap error that appears when a new VIP is created.

 

'The virtual IP is overlapped with another VIP entry-test.

object check operator error, -5, discard the setting

Command fail. Return code -5'

Scope

FortiGate.

Solution

The error appears when a second server with the same IP is created in ZTNA:

 

Artorias-kvm24 # config firewall vip

Artorias-kvm24 (vip) # show

config firewall vip

    edit "test"

        set uuid 9c91abda-b542-51ed-bda8-9805521dbda4

        set extip 10.12.1.1

        set mappedip "192.168.1.1"

        set extintf "any"

        set portforward enable

        set extport 443

        set mappedport 443

    next

    edit "Clone of test"

        set uuid 1d9b81e2-b543-51ed-d170-c5cc36397565

        set extip 10.12.1.2

        set mappedip "192.168.1.1"

        set extintf "any"

        set portforward enable

        set extport 443

        set mappedport 443

    next

end

Artorias-kvm24 (Clone of test) # set extip 10.12.1.1

Artorias-kvm24 (Clone of test) # end

The virtual IP is overlapped with another VIP entry-test.

object check operator error, -5, discard the setting

Command fail. Return code -5

 

Solution:

To use the same external server, use the same external IP with a different port, or change the external IP.

 

Artorias-kvm24 # config firewall vip

Artorias-kvm24 (vip) # edit  Clone\ of\ test

Artorias-kvm24 (Clone of test) # set extip 10.12.1.1

Artorias-kvm24 (Clone of test) # set extport 4443

Artorias-kvm24 (Clone of test) # end
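
A pre-change check for the overlap described above, as an added example that is not part of the original article or Fortinet's code: it parses 'config firewall vip' output and reports VIP pairs that share an external IP, interface and port. The overlap rule is a simplified assumption (single IPs and ports only, "any" matches every interface), and the function names and TEMPLATE text are constructed for illustration.

```python
from itertools import combinations

# Constructed input modelled on the article's two VIPs; {clone_port} lets the
# same text stand for the failing case (443) and the fix (4443).
TEMPLATE = """config firewall vip
    edit "test"
        set extip 10.12.1.1
        set extintf "any"
        set portforward enable
        set extport 443
    next
    edit "Clone of test"
        set extip 10.12.1.1
        set extintf "any"
        set portforward enable
        set extport {clone_port}
    next
end"""

def parse_vips(text):
    """Return {vip_name: {setting: value}} from 'config firewall vip' output."""
    vips, cur = {}, None
    for line in text.splitlines():
        kw, _, rest = line.strip().partition(" ")
        if kw == "edit":
            cur = vips.setdefault(rest.strip().strip('"'), {})
        elif kw == "set" and cur is not None:
            key, _, val = rest.strip().partition(" ")
            cur[key] = val.strip().strip('"')
        elif kw == "next":
            cur = None
    return vips

def listen_port(vip):
    # Assumption: without port forwarding a VIP claims every port on its extip.
    return vip.get("extport") if vip.get("portforward") == "enable" else None

def overlaps(a, b):
    # Simplified model (an assumption, not FortiOS logic): no ranges or protocols.
    ia, ib, pa, pb = a.get("extintf"), b.get("extintf"), listen_port(a), listen_port(b)
    same_intf = ia == ib or "any" in (ia, ib)
    return a.get("extip") == b.get("extip") and same_intf and (pa is None or pb is None or pa == pb)

def find_overlaps(text):
    vips = parse_vips(text)
    return [(x, y) for x, y in combinations(vips, 2) if overlaps(vips[x], vips[y])]

if __name__ == "__main__":
    print(find_overlaps(TEMPLATE.format(clone_port=443)))  # the failing case
```
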

 

Note:

This issue is overridden in v7.2.5 and above. In v7.2.5 and v7.4.0, it is possible to create the same VIP with the same port forwarding with no error.

 

config firewall vip 

    edit "test" 

        set uuid bf1609b2-4287-51ee-c7ef-326ddb40076b 

        set extip 10.12.1.2 

        set mappedip "192.168.1.1" 

        set extintf "any" 

        set portforward enable 

        set extport 443 

        set mappedport 443 

    next 

    edit "Clone of test" 

        set uuid c415685e-4287-51ee-9746-639940811c61 

        set extip 10.12.1.1 

        set mappedip "192.168.1.1" 

        set extintf "any" 

        set portforward enable 

        set extport 443 

        set mappedport 443 

    next 

end 

 
