esec
New Contributor III

Don't use VIP to a local interface?

We have a support ticket created where we have an issue denying traffic to a VIP, and the TAC Engineer states that you shouldn't use VIPs to a local interface IP for SSLVPN or management access.

Often we create a VIP to get HTTPS or SSH to a FortiGate, and in some cases we use a VIP to SSLVPN to be able to have some better visibility to block traffic with normal policies instead of local-in-policies.

Does someone have any information on whether it is correct these days that you shouldn't use a VIP to a local FortiGate interface IP?

Thanks.

xshkurti
Staff

@esec On the latest versions it is not recommended to use a VIP for local traffic to the FortiGate.
A VIP is basically NAT, so you do NATting from public to private ranges, and I doubt it will NAT itself for local traffic.

esec
New Contributor III

Thanks, never heard of that. In this case it's a VIP to a public IP.

Do you have any reference to this? And to clarify, is it not recommended or not supported? :grinning_face:

esec
New Contributor III

OK, according to the support this is not supported.
