We have a support ticket created where we have issue denying traffic to a VIP and the TAC Engineer states that you shouldn´t use VIPs to a local interface IP for SSLVPN or management access.
Often we create a VIP to get https or ssh to a Fortigate and in some cases we use a VIP to SSLVPN to be able to have some better visibility to block traffic with normal policies instead of local-in-policies.
Do someone have any information on if that is correct these days that you shouldn´t use a VIP to a local Fortigate interface IP?
Thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
@esec On latest versions it is not recommended to use VIP for local traffic to Fortigate.
VIP basically is NAT, so you do nat-ting from public to private, ranges and i doubt will NAT itself for local traffic.
Thanks, never heard of that. In this case its a VIP to a public IP.
Do yo have any reference to this? And to clarify, is it not recommended or not supported? :grinning_face:
Technical Tip: Access SSL VPN from Secondary IP on... - Fortinet Community
Is this unsupported @xshkurti @sgagan?
OK, according to the support this is not supported.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1663 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.