Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SaVen
New Contributor

Created on ‎07-13-2018 01:10 AM

Disable Virtual IP for a specific policy

We have two policies for a source subnet, one for internal and external access with same source and destination interfaces in both policies.

 

There are virtual IP's created for some source address for internal access however these Nat address are overriding the PAT configured for external access and natting to specific virtual IP's instead of PAT. Which is creating access issues. 

 

Is there way I can exclude this virtual IP's being considered for external policy.

 

Thanks,

Saven

8681
0 Kudos
3 REPLIES 3
Nicholas_Doropoulos
Contributor

Created on ‎07-13-2018 03:34 AM

Hi,

 

You should be able to do that by running the following commands:

 

config firewall policy

edit [relevant policy]

set match-vip disable

end

 

Then test to verify results.

NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3

NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
3798
0 Kudos
SaVen
New Contributor
In response to Nicholas_Doropoulos

Created on ‎07-13-2018 04:13 AM

Hi, 

 

That is already disabled by default. 

 

Thanks

3798
0 Kudos
SaVen
New Contributor
In response to SaVen

Created on ‎07-20-2018 02:49 AM

any comments on this ?

 

Doesn't this work only as DNAT ? I see that even when traffic is initiating(source) from 100.5.2.5 it is resolving to 100.5.6.9? Cant we force it to be only a DNAT?

 

config firewall vip     edit "some_nat         set id 0         set comment ''         set type static-nat         set extip 100.5.6.9         set extintf "any"         set arp-reply enable         set nat-source-vip disable         set portforward disable         set gratuitous-arp-interval 0         set color 0         set mappedip "100.5.2.5"     next end

3798
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.