Am I missing something?
Why is this allowed on IPv4, but not on IPv6? The one virtual server clearly is configured for UDP, whilst the other is clearly configured for TCP....
config firewall vip6
edit "ffff:ffff:13b0:2000::3/TCP/53 - Network DNS"
set uuid 13d7e1d0-61b7-51ed-424c-4161fc1914cd
set type server-load-balance
set extip ffff:ffff:13b0:2000::3
set color 6
set server-type tcp
set monitor "DNS"
set extport 53
next
end
FW (vip6) # edit "ffff:ffff:13b0:2000::3/UDP/53 - Network DNS"
new entry 'ffff:ffff:13b0:2000::3/UDP/53 - Network DNS' added
FW (ffff:ffff:13b0:2~DNS) # set type server-load-balance
FW (ffff:ffff:13b0:2~DNS) # set extip ffff:ffff:13b0:2000::3
FW (ffff:ffff:13b0:2~DNS) # set color 6
FW (ffff:ffff:13b0:2~DNS) # set server-type udp
FW (ffff:ffff:13b0:2~DNS) # set monitor "DNS"
FW (ffff:ffff:13b0:2~DNS) # set extport 53
FW (ffff:ffff:13b0:2~DNS) # next
The virtual IP is overlapped with another VIP entry-ffff:ffff:13b0:2000::3/TCP/53 - Network DNS,
object check operator error, -5, discard the setting
Command fail. Retur
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello CKnipe1,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hi @CKnipe1 , did a quick test and so far In my case, I`m able to configure it:
FGVM04TM21012228 (vip6) # show
config firewall vip6
edit "ffff:ffff:13b0:2000::3/TCP/53 - Network DNS"
set uuid a330d70a-6113-51ed-aa29-2f6ec7051b16
set type server-load-balance
set extip ffff:ffff:13b0:2000::3
set color 6
set server-type tcp
set extport 53
next
edit "ffff:ffff:13b0:2000::3/UDP/53 - Network DNS"
set uuid c121c300-6113-51ed-ccef-7926ab25c264
set type server-load-balance
set extip ffff:ffff:13b0:2000::3
set color 6
set server-type udp
set extport 53
next
end
The only thing I`m missing from your side is the health monitor, and the firmware version.
P.S I did test it on 6.4.10.
Ahmad
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.