DEVHIDE
Login Or Sign up

Issue fortiOS when creating a srcintf "any" with vip as destination

545 Views Asked by At

I have to create the following policy:

config firewall policy
edit 0
set srcintf "any"
set dstintf "interface2"
set srcaddr "all"
set dstaddr "vip1"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
end

Existing VIP is:

    config firewall vip
    edit "vip1"
        set uuid xxxxx
        set extip 10.1.0.43
        set extintf "interface1"
        set mappedip "x.x.70.9"
    next
    end

Which is mapped to:

get router info routing-table details x.x.70.9 Routing entry for x.x.70.0/27 Known via "static", distance 10, metric 0, best

  • 10.10.70.1, via "interface2"

But when I create the policy, it only lets me put "interface1" as srcintf. This does not work for me as I need an 'srcintf "any"' policy.

Error code is 651.

Anyone sees what I'm missing?

Thanks in advance!

fortigate
Original Q&A
1

There are 1 best solutions below

0
On

Change the VIP interface to "any". Then you can chose "any" as sourceinterface in the policy as well.

In your example:

config firewall vip
    edit "vip_name1"
        set extip 10.1.0.43
        set extintf "any" <---
        set mappedip "x.x.70.9"
    next
end

Related Questions in FORTIGATE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.