amaroth
New Contributor

FortiOS 5.6.5 match-vip command missing

Hi,

I wanted to apply set match-vip enable to a policy and it turns out FortiOS doesn't have such a command! When was it removed, and how can I now accomplish hair-pin NAT?

This is what I get in the CLI:

# set match-vip enable
command parse error before 'match-vip'
Command fail. Return code -61

When I do set ? it doesn't even display match-vip as an argument.

tanr
Valued Contributor II

It's still there in 5.6.6 (and I assume in 5.6.5 since it transferred my match-vip enable settings).

Are you setting it from within the specific security policy? That's where you need to enable it.

ddskier

Example:

config firewall policy
    edit 226
        set srcintf "Example-SourceInterface"
        set dstintf "Example-TargetInterface"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "SMTP"
        set comments "Hairpin NAT Fix"
        set match-vip enable
    next
end

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D