Feature #16613
closed
Allow using interface subnet macros with interfaces which only contain VIPs
100%
Description
Rules which use interface macros (e.g. OPT1 subnets) are only generated when the interface contains a primary address. If the interface does not have an address assigned but does have a VIP, the rule is omitted from the ruleset.
Files
Updated by Marcos M about 1 month ago
- Status changed from New to In Progress
- Target version set to 2.9.0
- Plus Target Version set to 26.03
Updated by Marcos M about 1 month ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset d23a80da4d34ae2317aa3744856e589e84af30fe.
Updated by Alhusein Zawi about 1 month ago
When attempting to add a VIP to an interface that does not have a primary IP address, a validation message appears and prevents the VIP from being added.
In my opinion, if an interface does not have a primary IP address, it would be better to remove the interface address and interface subnet (for example, OPT1 address and OPT1 subnets) and then add the VIP subnets instead.
26.03.a.20251231.2004
Updated by Marcos M about 1 month ago
The situation occurs when the WAN is set to DHCP and the interface loses its address (e.g. the DHCP server is unavailable to give a lease). The rule generation needs to account for this when a VIP has already been assigned (while it still had an address).
Updated by Jim Pingle 21 days ago
- Subject changed from Allow using interface subnet macros which only have VIPs to Allow using interface subnet macros with interfaces which only contain VIPs