Created on 09-21-2009 08:05 AM Edited on 06-09-2022 03:24 PM By Anonymous
Description
This article describes some scenarios where a loopback interface can be used.
The advantage of a loopback interface is that this logical interface is always up (no physical link dependency) and the attached subnets are always present in the routing table.
It allows connections to the FortiGate's loopback IP address without depending on one specific external port, and it is therefore possible to access it through several physical or VLAN interfaces (redundancy).
Multiple loopback interfaces can be configured in either non-VDOM mode or in each VDOM.
Note that using loopback interfaces requires the configuration of appropriate firewall policies to allow traffic to and from these interfaces.
Some scenarios where a loopback interface can be used:
Note 1: Dynamic routing protocols can be enabled on loopback interfaces.
Note 2: For a blackhole static route, use the blackhole route type instead of the loopback interface.
Scope
Solution
Configuration example:
config system interface
    edit "loopback"
        set vdom "root"
        set ip 10.0.0.2 255.255.255.255
        set allowaccess ping
        set type loopback
    next
end
BGP peering and management access scenario:
The loopback interface appears in the routing table as a connected interface:
FGT1 # get router info routing-table all
[......]
C       10.0.0.2/32 is directly connected, loopback
[......]
See more details about BGP peering with a loopback interface in the related article at the end of this page: "Technical Note: Configuring BGP on a FortiGate with single-homed eBGP peering, iBGP peering, access-list and OSPF"
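The Description notes that a loopback interface is only reachable once firewall policies allow traffic to it. The following added example (not Fortinet code) is a small offline audit of a saved configuration that lists loopback interfaces no accept policy names as destination interface. The second loopback "lo-bgp", the ingress port "port1" and the policy itself are constructed sample values, and only the inbound direction is checked.

```python
import shlex
# Constructed sample: the page's "loopback" interface, a hypothetical second
# loopback "lo-bgp", and one policy from a hypothetical ingress port "port1".
SAMPLE = '''
config system interface
    edit "loopback"
        set ip 10.0.0.2 255.255.255.255
        set allowaccess ping
        set type loopback
    next
    edit "lo-bgp"
        set type loopback
    next
end
config firewall policy
    edit 1
        set srcintf "port1"
        set dstintf "loopback"
        set action accept
    next
end
'''

def parse_tables(text):
    """Parse top-level 'config' tables into {table: {entry: {option: [values]}}}."""
    tables, table, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = shlex.split(line) or [""]      # blank lines become a no-op token
        if tok[0] == "config":
            depth += 1                        # nested config blocks are skipped
            if depth == 1:
                table = tables.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "end":
            depth -= 1
            if depth == 0:
                table = entry = None
        elif depth == 1 and tok[0] == "edit":
            entry = table.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tables

def loopbacks_without_policy(text):
    """Loopback interfaces that no accept policy names as destination interface."""
    t = parse_tables(text)
    allowed = {i for p in t.get("firewall policy", {}).values()
               if p.get("action") == ["accept"] for i in p.get("dstintf", [])}
    return sorted(n for n, o in t.get("system interface", {}).items()
                  if o.get("type") == ["loopback"] and n not in allowed)
```

Calling `loopbacks_without_policy(SAMPLE)` reports "lo-bgp", the loopback that has an address plan but no policy admitting traffic to it.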
Related Articles