Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.6
Download PDF
Copy Link

firewall {vip46 | vip64}

Use these commands to configure:

  • Static NAT virtual IPv4 addresses for IPv6 addresses
  • Static NAT virtual IPv6 addresses for IPv4 addresses.
config firewall vip46
    edit {name}
    # Configure IPv4 to IPv6 virtual IPs.
        set name {string}   VIP46 name. size[63]
        set id {integer}   Custom defined id. range[0-65535]
        set uuid {uuid}   Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set comment {string}   Comment. size[255]
        set type {static-nat | server-load-balance}   VIP type: static NAT or server load balance.
                static-nat           Static NAT.
                server-load-balance  Server load balance.
        config src-filter
            edit {range}
            # Source IP filter (x.x.x.x/x).
                set range {string}   Src-filter range. size[79]
            next
        set extip {string}   Start-external-IP [-end-external-IP].
        set mappedip {string}   Start-mapped-IP [-end mapped-IP].
        set arp-reply {disable | enable}   Enable ARP reply.
        set portforward {disable | enable}   Enable port forwarding.
        set protocol {tcp | udp}   Mapped port protocol.
                tcp  TCP.
                udp  UDP.
        set extport {string}   External service port.
        set mappedport {string}   Mapped service port.
        set color {integer}   Color of icon on the GUI. range[0-32]
        set ldb-method {option}   Load balance method.
                static         Distribute sessions based on source IP.
                round-robin    Distribute sessions based round robin order.
                weighted       Distribute sessions based on weight.
                least-session  Distribute sessions to the server with the lowest session count.
                least-rtt      Distribute sessions to the server with the lowest Round-Trip-Time.
                first-alive    Distribute sessions to the first server that is alive.
        set server-type {http | tcp | udp | ip}   Server type.
                http  HTTP
                tcp   TCP
                udp   UDP
                ip    IP
        config realservers
            edit {id}
            # Real servers.
                set id {integer}   Real server ID. range[0-4294967295]
                set ip {ipv6 address}   Mapped server IPv6.
                set port {integer}   Mapped server port. range[1-65535]
                set status {active | standby | disable}   Server administrative status.
                        active   Server status active.
                        standby  Server status standby.
                        disable  Server status disable.
                set weight {integer}   weight range[1-255]
                set holddown-interval {integer}   Hold down interval. range[30-65535]
                set healthcheck {disable | enable | vip}   Per server health check.
                set max-connections {integer}   Maximum number of connections allowed to server. range[0-2147483647]
                set monitor {string}   Health monitors. size[64] - datasource(s): firewall.ldb-monitor.name
                set client-ip {string}   Restrict server to a client IP in this range.
            next
        config monitor
            edit {name}
            # Health monitors.
                set name {string}   Health monitor name. size[64] - datasource(s): firewall.ldb-monitor.name
            next
    next
end
config firewall vip64
    edit {name}
    # Configure IPv6 to IPv4 virtual IPs.
        set name {string}   VIP64 name. size[63]
        set id {integer}   Custom defined id. range[0-65535]
        set uuid {uuid}   Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set comment {string}   Comment. size[255]
        set type {static-nat | server-load-balance}   VIP type: static NAT or server load balance.
                static-nat           Static NAT.
                server-load-balance  Server load balance.
        config src-filter
            edit {range}
            # Source IP6 filter (x:x:x:x:x:x:x:x/x).
                set range {string}   Src-filter range. size[79]
            next
        set extip {string}   Start-external-IP [-end-external-IP].
        set mappedip {string}   Start-mapped-IP [-end-mapped-IP].
        set arp-reply {disable | enable}   Enable ARP reply.
        set portforward {disable | enable}   Enable port forwarding.
        set protocol {tcp | udp}   Mapped port protocol.
                tcp  TCP.
                udp  UDP.
        set extport {string}   External service port.
        set mappedport {string}   Mapped service port.
        set color {integer}   Color of icon on the GUI. range[0-32]
        set ldb-method {option}   Load balance method.
                static         Distribute sessions based on source IP.
                round-robin    Distribute sessions based round robin order.
                weighted       Distribute sessions based on weight.
                least-session  Distribute sessions to the server with the lowest session count.
                least-rtt      Distribute sessions to the server with the lowest Round-Trip-Time.
                first-alive    Distribute sessions to the first server that is alive.
        set server-type {http | tcp | udp | ip}   Server type.
                http  HTTP
                tcp   TCP
                udp   UDP
                ip    IP
        config realservers
            edit {id}
            # Real servers.
                set id {integer}   Real server ID. range[0-4294967295]
                set ip {ipv4 address any}   Mapped server IP.
                set port {integer}   Mapped server port. range[1-65535]
                set status {active | standby | disable}   Server administrative status.
                        active   Server status active.
                        standby  Server status standby.
                        disable  Server status disable.
                set weight {integer}   weight range[1-255]
                set holddown-interval {integer}   Hold down interval. range[30-65535]
                set healthcheck {disable | enable | vip}   Per server health check.
                set max-connections {integer}   Maximum number of connections allowed to server. range[0-2147483647]
                set monitor {string}   Health monitors. size[64] - datasource(s): firewall.ldb-monitor.name
                set client-ip {string}   Restrict server to a client IP in this range.
            next
        config monitor
            edit {name}
            # Health monitors.
                set name {string}   Health monitor name. size[64] - datasource(s): firewall.ldb-monitor.name
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

firewall {vip46 | vip64}

Use these commands to configure:

  • Static NAT virtual IPv4 addresses for IPv6 addresses
  • Static NAT virtual IPv6 addresses for IPv4 addresses.
config firewall vip46
    edit {name}
    # Configure IPv4 to IPv6 virtual IPs.
        set name {string}   VIP46 name. size[63]
        set id {integer}   Custom defined id. range[0-65535]
        set uuid {uuid}   Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set comment {string}   Comment. size[255]
        set type {static-nat | server-load-balance}   VIP type: static NAT or server load balance.
                static-nat           Static NAT.
                server-load-balance  Server load balance.
        config src-filter
            edit {range}
            # Source IP filter (x.x.x.x/x).
                set range {string}   Src-filter range. size[79]
            next
        set extip {string}   Start-external-IP [-end-external-IP].
        set mappedip {string}   Start-mapped-IP [-end mapped-IP].
        set arp-reply {disable | enable}   Enable ARP reply.
        set portforward {disable | enable}   Enable port forwarding.
        set protocol {tcp | udp}   Mapped port protocol.
                tcp  TCP.
                udp  UDP.
        set extport {string}   External service port.
        set mappedport {string}   Mapped service port.
        set color {integer}   Color of icon on the GUI. range[0-32]
        set ldb-method {option}   Load balance method.
                static         Distribute sessions based on source IP.
                round-robin    Distribute sessions based round robin order.
                weighted       Distribute sessions based on weight.
                least-session  Distribute sessions to the server with the lowest session count.
                least-rtt      Distribute sessions to the server with the lowest Round-Trip-Time.
                first-alive    Distribute sessions to the first server that is alive.
        set server-type {http | tcp | udp | ip}   Server type.
                http  HTTP
                tcp   TCP
                udp   UDP
                ip    IP
        config realservers
            edit {id}
            # Real servers.
                set id {integer}   Real server ID. range[0-4294967295]
                set ip {ipv6 address}   Mapped server IPv6.
                set port {integer}   Mapped server port. range[1-65535]
                set status {active | standby | disable}   Server administrative status.
                        active   Server status active.
                        standby  Server status standby.
                        disable  Server status disable.
                set weight {integer}   weight range[1-255]
                set holddown-interval {integer}   Hold down interval. range[30-65535]
                set healthcheck {disable | enable | vip}   Per server health check.
                set max-connections {integer}   Maximum number of connections allowed to server. range[0-2147483647]
                set monitor {string}   Health monitors. size[64] - datasource(s): firewall.ldb-monitor.name
                set client-ip {string}   Restrict server to a client IP in this range.
            next
        config monitor
            edit {name}
            # Health monitors.
                set name {string}   Health monitor name. size[64] - datasource(s): firewall.ldb-monitor.name
            next
    next
end
config firewall vip64
    edit {name}
    # Configure IPv6 to IPv4 virtual IPs.
        set name {string}   VIP64 name. size[63]
        set id {integer}   Custom defined id. range[0-65535]
        set uuid {uuid}   Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set comment {string}   Comment. size[255]
        set type {static-nat | server-load-balance}   VIP type: static NAT or server load balance.
                static-nat           Static NAT.
                server-load-balance  Server load balance.
        config src-filter
            edit {range}
            # Source IP6 filter (x:x:x:x:x:x:x:x/x).
                set range {string}   Src-filter range. size[79]
            next
        set extip {string}   Start-external-IP [-end-external-IP].
        set mappedip {string}   Start-mapped-IP [-end-mapped-IP].
        set arp-reply {disable | enable}   Enable ARP reply.
        set portforward {disable | enable}   Enable port forwarding.
        set protocol {tcp | udp}   Mapped port protocol.
                tcp  TCP.
                udp  UDP.
        set extport {string}   External service port.
        set mappedport {string}   Mapped service port.
        set color {integer}   Color of icon on the GUI. range[0-32]
        set ldb-method {option}   Load balance method.
                static         Distribute sessions based on source IP.
                round-robin    Distribute sessions based round robin order.
                weighted       Distribute sessions based on weight.
                least-session  Distribute sessions to the server with the lowest session count.
                least-rtt      Distribute sessions to the server with the lowest Round-Trip-Time.
                first-alive    Distribute sessions to the first server that is alive.
        set server-type {http | tcp | udp | ip}   Server type.
                http  HTTP
                tcp   TCP
                udp   UDP
                ip    IP
        config realservers
            edit {id}
            # Real servers.
                set id {integer}   Real server ID. range[0-4294967295]
                set ip {ipv4 address any}   Mapped server IP.
                set port {integer}   Mapped server port. range[1-65535]
                set status {active | standby | disable}   Server administrative status.
                        active   Server status active.
                        standby  Server status standby.
                        disable  Server status disable.
                set weight {integer}   weight range[1-255]
                set holddown-interval {integer}   Hold down interval. range[30-65535]
                set healthcheck {disable | enable | vip}   Per server health check.
                set max-connections {integer}   Maximum number of connections allowed to server. range[0-2147483647]
                set monitor {string}   Health monitors. size[64] - datasource(s): firewall.ldb-monitor.name
                set client-ip {string}   Restrict server to a client IP in this range.
            next
        config monitor
            edit {name}
            # Health monitors.
                set name {string}   Health monitor name. size[64] - datasource(s): firewall.ldb-monitor.name
            next
    next
end

Additional information

The following section is for those options that require additional explanation.