Browse
Fortinet Community
Help
Sign In
Forums
Support Forum
Knowledge Base
Customer Service
FortiGate
FortiClient
FortiAP
FortiAnalyzer
FortiADC
FortiAuthenticator
FortiBridge
FortiCache
FortiCarrier
FortiCASB
FortiConnect
FortiConverter
FortiCNP
FortiDAST
FortiDDoS
FortiDB
FortiDNS
FortiDeceptor
FortiDevSec
FortiDirector
FortiEDR
FortiExtender
FortiGate Cloud
FortiGuard
FortiHypervisor
FortiInsight
FortiIsolator
FortiMail
FortiManager
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR (on-premise)
FortiNDRCloud
FortiPAM
FortiPortal
FortiProxy
FortiRecon
FortiRecorder
FortiSandbox
FortiSASE
FortiScan
FortiSIEM
FortiSOAR
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
Wireless Controller
RMA Information and Announcements
FortiCloud Products
ZTNA
4D Documents
Community Groups
Agora
Engage Services
The EPSP Platform
The ETSP Platform
Finland
FortiGate-VM on AWS
Getting Started Resources
Technical Learning
Fortinet for SAP
Discussions
Technical Learning
Knowledge Base
Idea Exchange
Events
FortiSIEM
Discussions
Blog
FortiSOAR
Discussions
Announcements
Idea Exchange
KCS
Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Fortinet Community
Knowledge Base
FortiGate
Technical Tip: VIPs as local IP address
Options
Subscribe to RSS Feed
Mark as New
Mark as Read
Bookmark
Subscribe
Printer Friendly Page
Report Inappropriate Content
gpeluso
Staff
Created on
12-12-2023
02:14 AM
Edited on
12-12-2023
05:42 AM
By
Jean-Philippe_P
Article Id
288894
Technical Tip: VIPs as local IP address
Description
This article describes the case when all IP addresses are used as IP pools and VIPs are considered local IP addresses.
Scope
FortiOS 7.0.13 and later.
Solution
For these cases, the FortiGate is considered as a destination for those IP addresses and can receive reply traffic at the application layer.
It is possible to modify this behavior by disabling the ARP reply with the command below:
config firewall vip
edit <name>
set arp-reply disable
end
The changes regarding the IP pools and VIP behavior are tracked in the KB article below and it describes how the default behavior was changed between OS versions:
Technical Tip: IP pool and virtual IP behavior changes in FortiOS 6.4, 7.0, 7.2, and 7.4.
Contributors
gpeluso
anikolov
Jean-Philippe_P
