We have a support ticket created where we have an issue denying traffic to a VIP, and the TAC engineer states that you shouldn't use VIPs to a local interface IP for SSLVPN or management access.
Often we create a VIP to get HTTPS or SSH to a FortiGate, and in some cases we use a VIP to SSLVPN to be able to have some better visibility to block traffic with normal policies instead of local-in-policies.
Does anyone have any information on whether it is correct these days that you shouldn't use a VIP to a local FortiGate interface IP?
@esec On the latest versions it is not recommended to use a VIP for local traffic to the FortiGate. A VIP is basically NAT, so you do NATing from public to private ranges, and I doubt it will NAT itself for local traffic.
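The question contrasts VIP-based firewall policies with local-in-policies. As an added example (not from the thread, the TAC case, or Fortinet), this is what restricting management access to the FortiGate's own interface IP looks like with a local-in-policy. The interface name `wan1`, the address object `MGMT-TRUSTED`, and the 198.51.100.0/24 documentation range are assumptions for illustration.

```fortios
# Added example: names and addresses below are placeholders, not from the thread.

# Address object for the hosts allowed to manage the FortiGate.
config firewall address
    edit "MGMT-TRUSTED"
        set subnet 198.51.100.0 255.255.255.0
    next
end

# Local-in policies apply to traffic destined for the FortiGate itself,
# so no VIP/NAT to the interface IP is involved. They are evaluated top-down.
config firewall local-in-policy
    # 1) Allow HTTPS/SSH management only from the trusted range.
    edit 1
        set intf "wan1"
        set srcaddr "MGMT-TRUSTED"
        set dstaddr "all"
        set action accept
        set service "HTTPS" "SSH"
        set schedule "always"
    next
    # 2) Deny the same services from every other source.
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "HTTPS" "SSH"
        set schedule "always"
    next
end
```

If the SSL VPN listens on a non-default port, the same pattern applies with a custom service object for that port in place of `HTTPS`.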