Created on 12-12-2023 02:14 AM Edited on 12-12-2023 05:42 AM By Jean-Philippe_P
Description | This article describes the case when all IP addresses are used as IP pools and VIPs are considered local IP addresses. |
Scope | FortiOS 7.0.13 and later. |
Solution |
For these cases, the FortiGate is considered as a destination for those IP addresses and can receive reply traffic at the application layer.
It is possible to modify this behavior by disabling the ARP reply with the command below:
config firewall vip
edit <name>
set arp-reply disable
end
The changes regarding the IP pools and VIP behavior are tracked in the KB article below and it describes how the default behavior was changed between OS versions: Technical Tip: IP pool and virtual IP behavior changes in FortiOS 6.4, 7.0, 7.2, and 7.4.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.