rb400
New Contributor

Assign VIP to a Zone ?

Any specific (URL) literature (or forum dialogue) suggestions as to assigning a VIP to an external interface ZONE?

 

Our zone contains multiple public facing interfaces that will support bgp.

 

*auto-sig* rb400 << FGT (v6.2.x)
Iescudero
Contributor II

Hi! I think this cannot be performed, as a "Zone" is just for maintaining the same policy across different physical interfaces. But you can assign your VIP to the "any" interface and then apply it to a policy that has a Zone as its incoming/outgoing interface.

 

rb400

escudero wrote:

Hi! I think this cannot be performed, as a "Zone" is just for maintaining the same policy across different physical interfaces. But you can assign your VIP to the "any" interface and then apply it to a policy that has a Zone as its incoming/outgoing interface.

 

I need the identical VIP assigned to multiple interfaces (hence the ZONE idea).

 

The GUI change gives me an "A duplicate entry already exists." error.

 

*auto-sig* rb400 << FGT (v6.2.x)
b_row
New Contributor

Hello,

In this case I suggest you register a VIP for each interface, which you can aggregate in a VIP group or not, and register the rules for its purpose. In which case the zone will only organize the VIP registration in the rules.

 

Hope this helps.

rb400
New Contributor

BdA.lRS wrote:

 

In which case the zone will only organize the VIP registration in the rules.

How do I assign the same IP to both interfaces?

 

Scenario:

Client1(trying to access 2.2.2.2) ====>ISP1(bgp)===> FGT(bgp)port1(VIP-2.2.2.2)===>FGT(NAT-10.10.10.10)

Client2(trying to access 2.2.2.2) ====>ISP2(bgp)===>FGT(bgp)port2(VIP-2.2.2.2)===>FGT(NAT-10.10.10.10)

 

My FGT does not allow the above setup or am I missing a step?

 

*auto-sig* rb400 << FGT (v6.2.x)
b_row
New Contributor

Hello, I see your configuration as follows, with the port1 and port2 IP addresses in different subnets.

Client1 (trying to access 2.2.2.2) ====> ISP1 (BGP) ===> FGT (BGP) port1 (VIP-2.2.2.2) ===> FGT (NAT-10.10.10.10)

Client2 (trying to access 2.2.2.2) ====> ISP2 (BGP) ===> FGT (BGP) port2 (3.3.3.3) ===> FGT (BGP) port1 (VIP-2.2.2.2) ===> FGT (NAT-10.10.10.10)

I believe you cannot configure the same IP.

 

Hope this helps
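
The "any"-interface approach from the first reply, written out for the addresses in rb400's scenario. This is an added FortiOS CLI example, not configuration posted by anyone in the thread; the zone name `wan-zone`, the VIP name `vip-2.2.2.2`, the destination interface `internal` and the HTTPS service are assumptions.

```fortios
# Zone grouping the two BGP-facing interfaces from the scenario
# (zone name is hypothetical)
config system zone
    edit "wan-zone"
        set interface "port1" "port2"
    next
end

# One VIP object, not bound to a single external interface
# (2.2.2.2 and 10.10.10.10 are the addresses from the scenario)
config firewall vip
    edit "vip-2.2.2.2"
        set extintf "any"
        set extip 2.2.2.2
        set mappedip "10.10.10.10"
    next
end

# Policy that admits traffic to the VIP only from the zone
# (dstintf and service are assumed; use the interface and
# service the server actually needs)
config firewall policy
    edit 0
        set name "wan-zone-to-vip"
        set srcintf "wan-zone"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vip-2.2.2.2"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```

Because `extintf "any"` lets the VIP match on every interface, the policy's `srcintf` and `service` are what limit where the mapping is reachable, so keep both as narrow as the published service allows.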
