- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FG30E VIP setup on interface VLAN of the WAN port
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FG30E VIP setup on interface VLAN of the WAN port
Hi everyone,
My ISP just changed my connection configuration and I now must use a VLAN to connect my fiber to them.
I've created the new VLAN interface off the WAN port interface and I can connect to my ISP now.
The problem is I have quite a few VIP's setup which use the WAN interface and not the VLAN interface. When I try and create a new VIP using the DHCP assigned IP (from ISP) of the VLAN interface I get a "duplicate error"
Is it possible to assign a VIP to a VLAN interface? Why is it detecting a duplicate? Does it not like that the VLAN interface has the ISP's dhcp ip now?
Regards,
Solved! Go to Solution.
Labels:
- Labels:
-
FortiGate
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Gyspy_Dave,
Yes. VIP will work on the VLAN interface.
Duplicate error in the case of VIP will only be seen if there is any existing VIP matching the new rule as duplicate.
Please share with me the output of the commands from FortiGate cli
get system status
diagnose ip add list
get router info routing-table details
Regards
Nagaraju.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Gyspy_Dave,
Yes. VIP will work on the VLAN interface.
Duplicate error in the case of VIP will only be seen if there is any existing VIP matching the new rule as duplicate.
Please share with me the output of the commands from FortiGate cli
get system status
diagnose ip add list
get router info routing-table details
Regards
Nagaraju.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply. ok So the new VIP I am creating is using the DHCP assigned IP (NADUNET2) and using a completely different LAN IP to forward the ports too. Is that classed as a duplicate because its using the DHCP assigned IP from the ISP?
FG-HOME # get system status
Version: FortiGate-30E v6.2.12,build1319,221102 (GA)
Virus-DB: 87.00770(2021-07-20 15:20)
Extended DB: 87.00770(2021-07-20 15:19)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 23.00557(2023-05-18 00:59)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FGT30EXXXXXXXXXXX
Botnet DB: 4.00515(2019-07-02 10:00)
BIOS version: 05000016
System Part-Number: PXXXXXXX
Log hard disk: Not available
Hostname: FG-HOME
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 5
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1319
Release Version Information: GA
System time: Tue May 30 14:35:00 2023IP=192.168.10.1->192.168.10.1/255.255.255.0 index=5 devname=lan1
IP=192.168.30.1->192.168.30.1/255.255.255.0 index=6 devname=lan2
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=10 devname=root
IP=10.0.54.209->10.0.54.209/255.255.248.0 index=12 devname=NADUNET2
IP=192.168.1.1->192.168.1.1/255.255.255.0 index=13 devname=lan
IP=169.254.1.1->169.254.1.1/255.255.255.0 index=14 devname=fortilink
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=15 devname=vsys_ha
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=17 devname=vsys_fgfmouting table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S* 0.0.0.0/0 [5/0] via 10.0.48.1, NADUNET2
C 10.0.48.0/21 is directly connected, NADUNET2
C 169.254.1.0/24 is directly connected, fortilink
C 192.168.1.0/24 is directly connected, lan
S 192.168.2.0/24 [15/0] via 192.168.1.101, lan
S 192.168.4.0/24 [10/0] via 192.168.30.2, lan2
C 192.168.10.0/24 is directly connected, lan1
C 192.168.30.0/24 is directly connected, lan2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply. So if there is an existing VIP listed using the old WAN interface with the DHCP assigned IP address from the new VLAN interface but it has a different Mapped IP address than the new VIP I am creating, would that be classed as a duplicate? Because I'm trying to move all the old WAN interface VIPS to the newly configured VLAN interface.
Version: FortiGate-30E v6.2.12,build1319,221102 (GA)
Virus-DB: 87.00770(2021-07-20 15:20)
Extended DB: 87.00770(2021-07-20 15:19)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 23.00557(2023-05-18 00:59)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FGT30EXXXXXXXX
Botnet DB: 4.00515(2019-07-02 10:00)
BIOS version: 05000016
System Part-Number: XXXXXX-05
Log hard disk: Not available
Hostname: FG-HOME
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 5
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1319
Release Version Information: GA
System time: Tue May 30 14:51:17 2023
IP=192.168.10.1->192.168.10.1/255.255.255.0 index=5 devname=lan1
IP=192.168.30.1->192.168.30.1/255.255.255.0 index=6 devname=lan2
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=10 devname=root
IP=10.0.54.209->10.0.54.209/255.255.248.0 index=12 devname=NADUNET2
IP=192.168.1.1->192.168.1.1/255.255.255.0 index=13 devname=lan
IP=169.254.1.1->169.254.1.1/255.255.255.0 index=14 devname=fortilink
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=15 devname=vsys_ha
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=17 devname=vsys_fgfm
Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S* 0.0.0.0/0 [5/0] via 10.0.48.1, NADUNET2
C 10.0.48.0/21 is directly connected, NADUNET2
C 169.254.1.0/24 is directly connected, fortilink
C 192.168.1.0/24 is directly connected, lan
S 192.168.2.0/24 [15/0] via 192.168.1.101, lan
S 192.168.4.0/24 [10/0] via 192.168.30.2, lan2
C 192.168.10.0/24 is directly connected, lan1
C 192.168.30.0/24 is directly connected, lan2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Resovled. The problem was the old entries to the WAN interface were classed as "duplicates" So I had delete all the old entries and create new ones with the new VLAN interface. Even though I was creating a completely new mapped IP destination it did not like the fact that an VIP existed with the WAN using the DHCP assigned ISP IP. Thanks for your help.
Related Posts
- Cisco Trunk port to Fortiswitch 372 Views
- Moving away from Software Switches -... 154 Views
- Connecting Two SIP Trunks with Different... 239 Views
- Setup NAT to Web Server with... 276 Views
- No internet connection on the machine... 499 Views
Labels
-
FortiGate
6,459 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
High Availability
21 -
FortiConverter
21 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.