ldsouza (Staff)
Article Id 197165

Description


This article describes how to add a VIP or address object entry without the error 'a duplicate entry already exists' or 'duplicate entry found'.


Solution

1) A VIP named 'test' has been created: external IP 1.1.1.1 on WAN1 is mapped to internal IP 2.2.2.2, with UDP port forwarding from port 10000 to port 10000.

2) The user then tries to create a second VIP named 'new' with the same external IP 1.1.1.1 mapped to the same internal IP 2.2.2.2, this time with TCP port forwarding from port 222 to port 222. Saving this VIP fails with the error 'a duplicate entry already exists'.

3) If a VIP maps an external IP to an internal IP that another VIP already maps, the firewall will not allow the entry even though the port or protocol differs, because the duplicate check is an IP lookup and does not consider the ports. To resolve this, set the Interface of the VIP entry to 'Any', or bind the VIP entry's interface to WAN1.

Solution for address objects

If a user tries to create an address object named dropboxcaptcha.com and gets the error 'duplicate entry found', follow these steps to fix the issue.

From the CLI, search for the object name with the command "show firewall address | grep dropboxcaptcha -f". The output will show an existing object that already carries this FQDN, like the following:

FW01 # show firewall address | grep dropboxcaptcha -f
    # config firewall address
        edit "wildcard.dropboxcaptcha.com" <---
            set uuid 4fc11990-cdb0-51ed-ac28-b725b60ed5c3
            set type fqdn
            set fqdn "*dropboxcaptcha.com" <---
        next
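As an added example (not part of the Fortinet article), the following Python pre-check parses FortiOS 'show firewall vip' and 'show firewall address' output and flags the two collisions described above: a VIP that maps the same external IP to the same internal IP regardless of port or protocol, and an address object that already carries the same FQDN value. The sample CLI output is constructed from the values on this page, not a capture from a real unit.

```python
import re
# Constructed sample output (values taken from this article), not a real capture.
SHOW_VIP = """config firewall vip
    edit "test"
        set extip 1.1.1.1
        set extintf "wan1"
        set mappedip "2.2.2.2"
        set protocol udp
        set extport 10000
        set mappedport 10000
    next
end
"""
SHOW_ADDRESS = """config firewall address
    edit "wildcard.dropboxcaptcha.com"
        set type fqdn
        set fqdn "*dropboxcaptcha.com"
    next
end
"""

def parse_show(text):
    """Parse FortiOS edit/set/next blocks into {name: {attribute: value}}."""
    objs, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r'edit\s+"?([^"]+)"?$', line):
            cur = objs.setdefault(m.group(1), {})
        elif cur is not None and (m := re.match(r'set\s+(\S+)\s+(.*)$', line)):
            cur[m.group(1)] = m.group(2).strip().strip('"')  # drop surrounding quotes
        elif line == 'next':
            cur = None
    return objs

def vip_conflicts(existing, extip, mappedip):
    """VIP names that already map extip -> mappedip; ports and protocol are
    deliberately ignored, mirroring the firewall's IP-only duplicate check."""
    return sorted(name for name, attrs in existing.items()
                  if attrs.get('extip') == extip and attrs.get('mappedip') == mappedip)

def fqdn_conflicts(existing, fqdn):
    """Address object names that already carry this FQDN value."""
    return sorted(name for name, attrs in existing.items()
                  if attrs.get('type') == 'fqdn' and attrs.get('fqdn') == fqdn)

if __name__ == '__main__':
    # The article's second VIP (TCP/222 to the same IP pair) is still a duplicate.
    print(vip_conflicts(parse_show(SHOW_VIP), '1.1.1.1', '2.2.2.2'))
    print(fqdn_conflicts(parse_show(SHOW_ADDRESS), '*dropboxcaptcha.com'))
```

Feed it the real output of the two show commands before creating an object, and an empty result means the new entry will not trip either duplicate check.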

Now delete this entry (first make sure these objects are not referenced anywhere; otherwise they must be removed from the referencing configurations before they can be deleted) and recreate the captcha object:

# config firewall address
    delete wildcard.dropboxcaptcha.com
    edit dropboxcaptcha.com
        set type fqdn
        set fqdn "*dropboxcaptcha.com"
    next
end

After recreating it, the object can be used in policies as shown below:

# config firewall policy
    edit <policy id>
        set proxy transparent-web
        set srcintf "your interface"
        set dstintf "your interface"
        set srcaddr "your source address object"
        set dstaddr "dropboxcaptcha.com" <----- The address object created from the CLI.
        set service "ALL"
        set action accept
        set schedule "always"
    next
end

Note:

In some cases the newly created address object still does not show in the GUI. In that case, restart the firewall or, if it is a cluster, perform a cluster failover.