Hi everyone,
My ISP just changed my connection configuration and I now must use a VLAN to connect my fiber to them.
I've created the new VLAN interface off the WAN port interface and I can connect to my ISP now.
The problem is I have quite a few VIPs set up which use the WAN interface and not the VLAN interface. When I try to create a new VIP using the DHCP-assigned IP (from the ISP) of the VLAN interface, I get a "duplicate error".
Is it possible to assign a VIP to a VLAN interface? Why is it detecting a duplicate? Does it not like that the VLAN interface has the ISP's DHCP IP now?
Regards,
Hello Gyspy_Dave,
Yes. VIP will work on the VLAN interface.
A duplicate error in the case of a VIP will only be seen if there is an existing VIP matching the new rule as a duplicate.
Please share with me the output of the following commands from the FortiGate CLI:
get system status
diagnose ip add list
get router info routing-table details
Regards
Nagaraju.
Thanks for the reply. OK, so the new VIP I am creating is using the DHCP-assigned IP (NADUNET2) and using a completely different LAN IP to forward the ports to. Is that classed as a duplicate because it's using the DHCP-assigned IP from the ISP?
FG-HOME # get system status
Version: FortiGate-30E v6.2.12,build1319,221102 (GA)
Virus-DB: 87.00770(2021-07-20 15:20)
Extended DB: 87.00770(2021-07-20 15:19)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 23.00557(2023-05-18 00:59)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FGT30EXXXXXXXXXXX
Botnet DB: 4.00515(2019-07-02 10:00)
BIOS version: 05000016
System Part-Number: PXXXXXXX
Log hard disk: Not available
Hostname: FG-HOME
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 5
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1319
Release Version Information: GA
System time: Tue May 30 14:35:00 2023
IP=192.168.10.1->192.168.10.1/255.255.255.0 index=5 devname=lan1
IP=192.168.30.1->192.168.30.1/255.255.255.0 index=6 devname=lan2
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=10 devname=root
IP=10.0.54.209->10.0.54.209/255.255.248.0 index=12 devname=NADUNET2
IP=192.168.1.1->192.168.1.1/255.255.255.0 index=13 devname=lan
IP=169.254.1.1->169.254.1.1/255.255.255.0 index=14 devname=fortilink
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=15 devname=vsys_ha
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=17 devname=vsys_fgfm
Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S* 0.0.0.0/0 [5/0] via 10.0.48.1, NADUNET2
C 10.0.48.0/21 is directly connected, NADUNET2
C 169.254.1.0/24 is directly connected, fortilink
C 192.168.1.0/24 is directly connected, lan
S 192.168.2.0/24 [15/0] via 192.168.1.101, lan
S 192.168.4.0/24 [10/0] via 192.168.30.2, lan2
C 192.168.10.0/24 is directly connected, lan1
C 192.168.30.0/24 is directly connected, lan2
Thanks for the reply. So if there is an existing VIP listed using the old WAN interface with the DHCP-assigned IP address from the new VLAN interface, but it has a different mapped IP address than the new VIP I am creating, would that be classed as a duplicate? Because I'm trying to move all the old WAN interface VIPs to the newly configured VLAN interface.
Version: FortiGate-30E v6.2.12,build1319,221102 (GA)
Virus-DB: 87.00770(2021-07-20 15:20)
Extended DB: 87.00770(2021-07-20 15:19)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 23.00557(2023-05-18 00:59)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FGT30EXXXXXXXX
Botnet DB: 4.00515(2019-07-02 10:00)
BIOS version: 05000016
System Part-Number: XXXXXX-05
Log hard disk: Not available
Hostname: FG-HOME
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 5
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1319
Release Version Information: GA
System time: Tue May 30 14:51:17 2023
IP=192.168.10.1->192.168.10.1/255.255.255.0 index=5 devname=lan1
IP=192.168.30.1->192.168.30.1/255.255.255.0 index=6 devname=lan2
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=10 devname=root
IP=10.0.54.209->10.0.54.209/255.255.248.0 index=12 devname=NADUNET2
IP=192.168.1.1->192.168.1.1/255.255.255.0 index=13 devname=lan
IP=169.254.1.1->169.254.1.1/255.255.255.0 index=14 devname=fortilink
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=15 devname=vsys_ha
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=17 devname=vsys_fgfm
Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S* 0.0.0.0/0 [5/0] via 10.0.48.1, NADUNET2
C 10.0.48.0/21 is directly connected, NADUNET2
C 169.254.1.0/24 is directly connected, fortilink
C 192.168.1.0/24 is directly connected, lan
S 192.168.2.0/24 [15/0] via 192.168.1.101, lan
S 192.168.4.0/24 [10/0] via 192.168.30.2, lan2
C 192.168.10.0/24 is directly connected, lan1
C 192.168.30.0/24 is directly connected, lan2
Resolved. The problem was that the old entries on the WAN interface were classed as "duplicates", so I had to delete all the old entries and create new ones with the new VLAN interface. Even though I was creating a completely new mapped IP destination, it did not like the fact that a VIP existed with the WAN using the DHCP-assigned ISP IP. Thanks for your help.
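A pre-migration check along the lines of the resolution above, as an added example that is not part of the thread and not Fortinet code: it parses a saved `show firewall vip` dump and lists the existing VIPs a planned VIP would clash with. It assumes, from what the thread reports, that the duplicate check compares external IP, protocol and external port and ignores the interface and mapped IP; the VIP names, mapped IPs and the interface name `wan` are constructed.

```python
import shlex
# Constructed sample: VIP names, mapped IPs and the "wan" name are made up.
SAMPLE = """
config firewall vip
    edit "web-old"
        set extip 10.0.54.209
        set extintf "wan"
        set portforward enable
        set mappedip "192.168.10.20"
        set extport 443
    next
    edit "ssh-old"
        set extip 10.0.54.209
        set extintf "wan"
        set portforward enable
        set mappedip "192.168.10.30"
        set extport 2222
    next
end
"""

def parse_vips(text):
    """Return {vip_name: {option: value}} from a `config firewall vip` block."""
    vips, name = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["edit"] and len(tok) > 1:
            name = tok[1]
            vips[name] = {}
        elif tok[:1] == ["set"] and name and len(tok) > 2:
            vips[name][tok[1]] = " ".join(tok[2:])
    return vips

def ports(vip):
    """External ports as a set, or None when the VIP covers every port."""
    if vip.get("portforward") != "enable":
        return None
    lo, _, hi = vip.get("extport", "0-65535").partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def conflicts(existing, new):
    """Existing VIPs clashing with `new`; extintf/mappedip ignored (assumption)."""
    def clash(vip):
        a, b = ports(vip), ports(new)
        same_proto = vip.get("protocol", "tcp") == new.get("protocol", "tcp")
        return vip.get("extip") == new.get("extip") and (
            a is None or b is None or (same_proto and bool(a & b)))
    return [name for name, vip in existing.items() if clash(vip)]
```

External IPs are compared as plain strings here, so VIPs defined with an address range need their own handling.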