esec
New Contributor III

Don't use VIP to a local interface?

We have a support ticket created where we have an issue denying traffic to a VIP, and the TAC engineer states that you shouldn't use VIPs to a local interface IP for SSLVPN or management access.

 

Often we create a VIP to get HTTPS or SSH to a FortiGate, and in some cases we use a VIP to SSLVPN to be able to have some better visibility to block traffic with normal policies instead of local-in-policies.

 

Does anyone have any information on whether it is correct these days that you shouldn't use a VIP to a local FortiGate interface IP?

 

Thanks.

xshkurti
Staff

@esec On the latest versions it is not recommended to use a VIP for local traffic to the FortiGate.
A VIP is basically NAT, so you do NAT-ing from public to private ranges, and I doubt it will NAT itself for local traffic.

esec
New Contributor III

Thanks, never heard of that. In this case it's a VIP to a public IP.

 

Do you have any reference to this? And to clarify, is it not recommended or not supported? :grinning_face:

esec
New Contributor III

OK, according to support this is not supported.
