I have to create the following policy:
config firewall policy
    edit 0
        set srcintf "any"
        set dstintf "interface2"
        set srcaddr "all"
        set dstaddr "vip1"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
end
Existing VIP is:
config firewall vip
    edit "vip1"
        set uuid xxxxx
        set extip 10.1.0.43
        set extintf "interface1"
        set mappedip "x.x.70.9"
    next
end
Which is mapped to:
get router info routing-table details x.x.70.9
Routing entry for x.x.70.0/27
  Known via "static", distance 10, metric 0, best
  - 10.10.70.1, via "interface2"
But when I create the policy, it only lets me put "interface1" as srcintf. This does not work for me as I need an 'srcintf "any"' policy.
Error code is 651.
Does anyone see what I'm missing?
Thanks in advance!
Change the VIP interface to "any". Then you can choose "any" as the source interface in the policy as well.
In your example: