IP pools and VIPs are now considered local addresses
In FortiOS 7.2.6 and later, all IP addresses used as IP pools and VIPs are now considered local IP addresses if responding to ARP requests on these external IP addresses is enabled (set arp-reply enable
, by default). For these cases, the FortiGate is considered a destination for those IP addresses and can receive reply traffic at the application layer.
Previously in FortiOS 7.2.0 to 7.2.5, this was not the case. For details on the history of the behavior changes for IP pools and VIPs, and for issues and their workarounds for the affected FortiOS versions, see Technical Tip: IP pool and virtual IP behavior changes in FortiOS 6.4, 7.0, 7.2, and 7.4.