CHgeek
New Contributor

VIP with Interface set to "any" and source IP specified always translating

Hello,

 

I have configured a VIP with interface "any" and added optional filters, with the source IP address specified. The translation occurs all the time, even if the traffic is not coming from the specified source. I'm running FortiOS 5.6.3. In my view this is not correct behavior. Does anybody else have the same issue?

 

Thank you guys already for your support.

CHgeek

2 REPLIES
Nicholas_Doropoulos
Contributor

Hi,

 

It is actually normal behaviour because by default, firewall policies will not match VIP if the latter is not enabled on them. As such, on the CLI, do the following:

 

config firewall policy
    edit [policy that VIP has been configured as the destination on]
        set match-vip enable
end

 

I hope that helps.

NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
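One way to check a configuration backup for the setup discussed in this thread, as an added example that is not part of the original posts and is not Fortinet tooling: it parses `config firewall vip` and `config firewall policy` sections, lists VIPs bound to interface "any" that carry a source filter, and lists policies that reference a VIP without the `set match-vip enable` line the reply above mentions. The sample configuration, object names, addresses and function names are constructed assumptions.

```python
import shlex

# Constructed sample in FortiOS backup syntax (not taken from the thread).
SAMPLE_CONFIG = '''
config firewall vip
    edit "vip-web"
        set extintf "any"
        set extip 203.0.113.10
        set mappedip "10.0.0.10"
        set src-filter "198.51.100.0/24"
    next
end
config firewall policy
    edit 1
        set dstaddr "vip-web"
    next
    edit 2
        set dstaddr "vip-web"
        set match-vip enable
    next
end
'''

def parse_sections(text):
    """Return {section: {entry: {option: [values]}}} for top-level config blocks."""
    sections, section, entry, depth = {}, None, None, 0
    for tokens in filter(None, map(shlex.split, text.splitlines())):
        if tokens[0] == "config":
            depth += 1
            if depth == 1:
                section = sections.setdefault(" ".join(tokens[1:]), {})
        elif tokens[0] == "end":
            depth -= 1
            if depth == 0:
                section = entry = None
        # Options inside nested blocks (depth > 1) are skipped on purpose.
        elif depth == 1 and tokens[0] == "edit":
            entry = section.setdefault(tokens[1], {})
        elif depth == 1 and tokens[0] == "set" and entry is not None:
            entry[tokens[1]] = tokens[2:]
    return sections

def audit(text):
    """Hypothetical helper: (VIPs on "any" with src-filter, policies using a VIP without match-vip)."""
    cfg = parse_sections(text)
    vips = cfg.get("firewall vip", {})
    filtered_any = [n for n, o in vips.items() if o.get("extintf") == ["any"] and "src-filter" in o]
    no_match = [p for p, o in cfg.get("firewall policy", {}).items()
                if set(o.get("dstaddr", [])) & set(vips) and o.get("match-vip") != ["enable"]]
    return filtered_any, no_match
```

Calling `audit(SAMPLE_CONFIG)` returns the VIP names and policy IDs to review; it only reads the text and makes no statement about how a given FortiOS release applies the filter.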
citromkolbasz

Yes, I have the same problem with 7.0. Have you found a solution? Interface "any" is necessary for me because I want to use it for multiple interfaces.
