Hi everyone,
I would like to seek assistance from the experienced forum members on the below scenario:
I have a FG Firewall having 2 BGP peerings and announcing a public pool. The peers are configured as primary/backup in BGP using the attributes (LP/AS prepend). The 2 interfaces over which the BGP peers are formed are bound in a zone called "North Zone".
Now, I have a web server which is using 1 IP from public pool which is being announced over BGP.
Web Server (10.0.0.1) ---> Fortigate Firewall ---> interface port1 --- announcing 20.20.20.0/24 to primary peer1
Web Server (10.0.0.1) ---> Fortigate Firewall ---> interface port2 --- announcing 20.20.20.0/24 to secondary peer2
Now, I would like to have a static NAT using VIP for the web server 10.0.0.1 <----> 20.20.20.1
Problem: VIP lets me bind to only 1 interface; however, in the event primary path is reachable the secondary peer will still have the path to the public pool, but this static NAT will not work unless I manually create the VIP entry.
I haven't used the "any" option for now as I had a bad experience with this NAT option in VIP. It hadn't worked, but I will give it a try again to check the flow.
Please provide your valuable inputs on this issue and let me know the solution if you ever encountered this scenario.
Thanks,
Sandeep Jha
This worked with the 'any' option, just in case someone gets into a similar situation.
Thanks, Sandeep Jha