Allow VIPs to be enabled or disabled in central NAT mode 7.0.1
In central NAT mode, there is an option to enable or disable the VIP status.
This option is only available for IPv4 VIP and VIP46 objects. |
To configure the VIP status in the GUI:
- Go to Policy & Objects > DNAT & Virtual IPs and click Create New > DNAT & Virtual IP.
- Enter a name (test-vip44-1).
- The Status toggle is enabled by default. Deselect it to disable the status if needed.
- Configure the other settings as needed.
- Click OK.
To configure the VIP status in the CLI:
config firewall vip edit "test-vip44-1" set extip 10.1.100.130 set mappedip "172.16.200.44" set extintf "any" set status {enable | disable} next end
To verify the VIP status:
If the VIP status is enabled, it will appear in the VIP table:
# diagnose firewall iprope list 100000 policy index=7 uuid_idx=625 action=accept flag (8000104): f_p nat pol_stats cos_fwd=0 cos_rev=0 group=00100000 av=00000000 au=00000000 split=00000000 host=0 chk_client_info=0x0 app_list=0 ips_view=0 misc=0 zone(1): 0 -> zone(1): 0 source(1): 0.0.0.0-255.255.255.255, uuid_idx=0, dest(1): 10.1.100.130-10.1.100.130, uuid_idx=625, service(1): [0:0x0:0/(0,0)->(0,0)] helper:auto nat(1): flag=0 base=10.1.100.130:0 172.16.200.44-172.16.200.44(0:0)
If the VIP status is disabled, it will not appear in the VIP table.