Hey guys,
Can anyone please confirm if using VIP objects set with interface "any" is the issue? I talked to TAC and they are not sure, though fortinet guru site shows it should be fine.
Any feedback is appreciated.
Solved! Go to Solution.
Use any in VIP is fine, we also haven’t specific interface in VIP.
not sure the result of using any as interface. since then I work with FG I often using specific interfaces for my src and dst most esp on VIP/DNAT.
Any Any interfaces if I have multiple vlans inside my FG to eliminate recreating handlfull of vlans rules. :)
Use any in VIP is fine, we also haven’t specific interface in VIP.
Security-wise it bears no meaning to use Any or specific interface, it just binds this object to be used on a specific interface to may be prevent someone from configuring VIP on the wrong interface and then wondering why it is not working (my personal idea of it).
I always set it to Any. Actually, in the case of multiple ISPs, when external IP used in VIP is your own, advertised via BGP to providers, you have to leave VIP as Any or failover/configuring the same VIP for both IPS connections would not work.
Thanks guys for responding...support also got back to me saying it should be fine. Im just bit worried, since we are converting to Fortinet from another vendor and there are lots of NAT rules we had to move over, so this is very critical to work right.
If you have huge amont VIPS, like 2K-3K VIP, set interface will optimize the performace, it will help traffice match the related interface, hope it help.
I cant recall now how many there were, but I believe about 250 or so.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.