Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
CKnipe1
New Contributor

IPv6 Virtual Servers

Am I missing something?

 

Why is this allowed on IPv4, but not on IPv6?  The one virtual server clearly is configured for UDP, whilst the other is clearly configured for TCP....

 

 

 

 

config firewall vip6
    edit "ffff:ffff:13b0:2000::3/TCP/53 - Network DNS"
        set uuid 13d7e1d0-61b7-51ed-424c-4161fc1914cd
        set type server-load-balance
        set extip ffff:ffff:13b0:2000::3
        set color 6
        set server-type tcp
        set monitor "DNS"
        set extport 53
    next
end

FW (vip6) # edit "ffff:ffff:13b0:2000::3/UDP/53 - Network DNS"
new entry 'ffff:ffff:13b0:2000::3/UDP/53 - Network DNS' added

FW (ffff:ffff:13b0:2~DNS) # set type server-load-balance

FW (ffff:ffff:13b0:2~DNS) # set extip ffff:ffff:13b0:2000::3

FW (ffff:ffff:13b0:2~DNS) # set color 6

FW (ffff:ffff:13b0:2~DNS) # set server-type udp

FW (ffff:ffff:13b0:2~DNS) # set monitor "DNS"

FW (ffff:ffff:13b0:2~DNS) # set extport 53

FW (ffff:ffff:13b0:2~DNS) # next
The virtual IP is overlapped with another VIP entry-ffff:ffff:13b0:2000::3/TCP/53 - Network DNS,
object check operator error, -5, discard the setting
Command fail. Retur

 

 

 

 

2 REPLIES 2
Anthony_E
Community Manager
Community Manager

Hello CKnipe1,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Anthony-Fortinet Community Team.
aahmadzada
Staff
Staff

Hi @CKnipe1 , did a quick test and so far In my case, I`m able to configure it:

FGVM04TM21012228 (vip6) # show
config firewall vip6
edit "ffff:ffff:13b0:2000::3/TCP/53 - Network DNS"
set uuid a330d70a-6113-51ed-aa29-2f6ec7051b16
set type server-load-balance
set extip ffff:ffff:13b0:2000::3
set color 6
set server-type tcp
set extport 53
next
edit "ffff:ffff:13b0:2000::3/UDP/53 - Network DNS"
set uuid c121c300-6113-51ed-ccef-7926ab25c264
set type server-load-balance
set extip ffff:ffff:13b0:2000::3
set color 6
set server-type udp
set extport 53
next
end

The only thing I`m missing from your side is the health monitor, and the firmware version.

P.S I did test it on 6.4.10.

 

Ahmad

Ahmad
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors