Three hints:
1. You really like secondary IPs! Usually you try to avoid them if you can. They pose a security risk, and they are not visible enough during administration, so they can cause 'side effects' quickly. When I see that you not only have 1 or 2 but dozens of secondary IPs I think that you misunderstand the concept.
What are you trying to achieve by defining these secondary addresses?
2. Your IP pool config is incorrect. If you define the range e.g. 192.168.0.0-192.168.255.255 then the FGT will have to respond to EVERY address in the 192.168 address space. Poor FGT!
So, you may not include a '255' byte, and no '0' in the host address part. For example, 192.168.X.1 - 192.168.X.254 is completely acceptable.
This is the cause of your 'duplicate address' error on the LAN.
3. If you use so many VIPs to have external hosts contact your internal servers, even for DNS (shudder!), then you can make your policy table a bit more compact by using VIP groups. Put all VIPs for one server into a VIP group, write the policy with that VIP group as destination and put all services mentioned into the 'service' field. That will give you just one policy per server.
But really, I would think twice if I REALLY needed so many holes in the firewall. From a security perspective this is a nightmare.
HTH.
Ede
Kernel panic: Aiee, killing interrupt handler!
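Added example, not part of the post above: a small Python check for the IP pool problem described in hint 2, which flags a range that contains the subnet's network or broadcast address or overlaps hosts already on the LAN. The function name `audit_ippool`, the prefix lengths, the value used for X and the host list are assumptions constructed for illustration.

```python
import ipaddress


def audit_ippool(start, end, subnet, lan_hosts=()):
    """Return findings for an IP pool start..end defined on `subnet`.

    An empty list means the range stays inside the usable host addresses
    and does not overlap any of the listed LAN hosts.
    """
    lo = ipaddress.ip_address(start)
    hi = ipaddress.ip_address(end)
    net = ipaddress.ip_network(subnet)
    if lo > hi:
        return ["start address is higher than end address"]

    findings = []
    if lo <= net.network_address <= hi:
        findings.append(f"contains network address {net.network_address}")
    if lo <= net.broadcast_address <= hi:
        findings.append(f"contains broadcast address {net.broadcast_address}")

    # Per the post, the firewall responds for every address in the pool,
    # so a LAN host inside the range will see a duplicate address.
    clashes = [h for h in lan_hosts if lo <= ipaddress.ip_address(h) <= hi]
    if clashes:
        findings.append("overlaps LAN hosts: " + ", ".join(clashes))

    size = int(hi) - int(lo) + 1
    if size >= net.num_addresses:
        findings.append(f"covers all {net.num_addresses} addresses of {net}")
    return findings


if __name__ == "__main__":
    # Constructed sample data: one LAN server and the two ranges from the post
    # (X replaced by 5, prefix lengths assumed).
    hosts = ["192.168.1.10"]
    pools = [
        ("192.168.0.0", "192.168.255.255", "192.168.0.0/16"),
        ("192.168.5.1", "192.168.5.254", "192.168.5.0/24"),
    ]
    for start, end, subnet in pools:
        result = audit_ippool(start, end, subnet, hosts)
        print(f"{start}-{end}:", result or "ok")
```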