Any specific (URL) literature (or forum dialogue) suggestions as to assigning a VIP to an external interface ZONE?
Our zone contains multiple public facing interfaces that will support bgp.
[align=left]*auto-sig* rb400 << FGT (v6.2.x) [/align]
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi! i think this cannot be performed, as a "Zone" is just for maintain same policy to different physical interfaces. But, you can assign your VIP to "any" interface and then applied to a Policy, that has incoming/outcoming interface as a Zone
escudero wrote:Hi! i think this cannot be performed, as a "Zone" is just for maintain same policy to different physical interfaces. But, you can assign your VIP to "any" interface and then applied to a Policy, that has incoming/outcoming interface as a Zone
I need the identical VIP assigned to multiple interfaces (hence the ZONE idea).
GUI change gives me a "A duplicate entry already exists." error
[align=left]*auto-sig* rb400 << FGT (v6.2.x) [/align]
Hello,
In this case I suggest you register a VIP for each interface are able to aggregate in a VIP group or not, and register the rules of its purpose. In which case the zone will only make the organization the VIP registration in the rules.
Hope this helps.
BdA.lRS wrote:
In which case the zone will only make the organization the VIP registration in the rules.
How do I assign the same IP to both interfaces?
Scenario:
Client1(trying to access 2.2.2.2) ====>ISP1(bgp)===> FGT(bgp)port1(VIP-2.2.2.2)===>FGT(NAT-10.10.10.10)
Client2(trying to access 2.2.2.2) ====>ISP2(bgp)===>FGT(bgp)port2(VIP-2.2.2.2)===>FGT(NAT-10.10.10.10)
My FGT does not allow the above setup or am I missing a step?
[align=left]*auto-sig* rb400 << FGT (v6.2.x) [/align]
Hello I see your configuration as follows. Whereas port1 and port2 IP address of different subnet. Client1 (trying to access 2.2.2.2) ====> ISP1 (BGP) ===> FGT (BGP) port1 (VIP-2.2.2.2) ===> FGT (NAT-10.10.10.10) Client2 (trying to access 2.2.2.2) ====> ISP2 (BGP) ===> FGT (BGP) port2 (3.3.3.3) ===> FGT (BGP) port1 (VIP-2.2.2.2) == FGT(NAT-10.10.10.10) ">=> FGT (NAT-10.10.10.10) I believe the same IP you can not configure.
Hope this helps
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.