Fortinet black logo

Version:

7.4.0
7.2.0
7.0.0

Version:

6.4.0
6.2.0

Table of Contents

New Features

7.0.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
Download PDF
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:448790
Copy Link

Allow VIPs to be enabled or disabled in central NAT mode 7.0.1

In central NAT mode, there is an option to enable or disable the VIP status.

Note

This option is only available for IPv4 VIP and VIP46 objects.
To configure the VIP status in the GUI:
  1. Go to Policy & Objects > DNAT & Virtual IPs and click Create New > DNAT & Virtual IP.
  2. Enter a name (test-vip44-1).
  3. The Status toggle is enabled by default. Deselect it to disable the status if needed.
  4. Configure the other settings as needed.

  5. Click OK.
To configure the VIP status in the CLI:
config firewall vip
    edit "test-vip44-1"
        set extip 10.1.100.130
        set mappedip "172.16.200.44"
        set extintf "any"
        set status {enable | disable}
    next
end
To verify the VIP status:

If the VIP status is enabled, it will appear in the VIP table:

# diagnose firewall iprope list 100000
policy index=7 uuid_idx=625 action=accept
flag (8000104): f_p nat pol_stats
cos_fwd=0  cos_rev=0
group=00100000 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 10.1.100.130-10.1.100.130, uuid_idx=625,
service(1):
        [0:0x0:0/(0,0)->(0,0)] helper:auto
nat(1): flag=0 base=10.1.100.130:0 172.16.200.44-172.16.200.44(0:0)

If the VIP status is disabled, it will not appear in the VIP table.

Previous
Next

Allow VIPs to be enabled or disabled in central NAT mode 7.0.1

In central NAT mode, there is an option to enable or disable the VIP status.

Note

This option is only available for IPv4 VIP and VIP46 objects.
To configure the VIP status in the GUI:
  1. Go to Policy & Objects > DNAT & Virtual IPs and click Create New > DNAT & Virtual IP.
  2. Enter a name (test-vip44-1).
  3. The Status toggle is enabled by default. Deselect it to disable the status if needed.
  4. Configure the other settings as needed.

  5. Click OK.
To configure the VIP status in the CLI:
config firewall vip
    edit "test-vip44-1"
        set extip 10.1.100.130
        set mappedip "172.16.200.44"
        set extintf "any"
        set status {enable | disable}
    next
end
To verify the VIP status:

If the VIP status is enabled, it will appear in the VIP table:

# diagnose firewall iprope list 100000
policy index=7 uuid_idx=625 action=accept
flag (8000104): f_p nat pol_stats
cos_fwd=0  cos_rev=0
group=00100000 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 10.1.100.130-10.1.100.130, uuid_idx=625,
service(1):
        [0:0x0:0/(0,0)->(0,0)] helper:auto
nat(1): flag=0 base=10.1.100.130:0 172.16.200.44-172.16.200.44(0:0)

If the VIP status is disabled, it will not appear in the VIP table.

Previous
Next