hhernandez
New Member
June 9, 2015
Question

Connection problem to the public IP from the local network


I need help with the following problem.

 

I am on my local network. I ping the Wan1 interface (public IP) and it does not respond to ping. I ping the gateway and it responds. I ping the Wan1 interface (public IP) from the CLI and it responds. I have an Internet connection. I can connect to the firewall from the outside with the public IP, but not from the inside. I need to validate port redirects from inside the network. Currently I have to do it from my home.

 

Can anybody help me?

 

  ----------------------------------

 

I need help with the following problem.

 

I am on my local network. I ping the Wan1 network interface (public IP) and it does not respond to the ping. I ping the gateway and it responds. I ping the Wan1 network interface (public IP) from the CLI and it responds. I have an Internet connection. I can connect to the firewall from the outside using the public IP, but not from the inside. I need to validate the port forwarding from inside the network. Currently I have to do this from my home.

 

Can anyone help me?

 

 

    2 replies

    gschmitt
    New Member
    June 12, 2015

    Okay let me try to ... guess... what your problem is

     

    hhernandez wrote:

    I am on my local network. I ping the Wan1 interface (public IP) and it does not respond to ping. I ping the gateway and it responds. I ping the Wan1 interface (public IP) from the CLI and it responds. I have an Internet connection. I can connect to the firewall from the outside with the public IP, but not from the inside.

     

    Go to System > Network > Interface

    In the Access column is "ping" listed for both internal and wan1? Ping should be enabled on all interfaces that are in use. Blocking ICMP breaks the internet.

     

    I need to validate redirects ports from inside the network. Currently I have to do it from my home.

     

    You want to forward certain ports to machines within your internal network, correct?

     

    Go to Policy & Objects > Objects > Virtual IPs

    Create New

    Enter a name server1_http as an example

    Set Interface to wan1

    As External IP Address/Range enter your wan1 external IP address (as an example 77.66.55.44)

    As Mapped IP Address/Range enter the internal IP of your server/device/service you want to access (as an example 172.16.1.55)

    Check Port Forwarding (Important or all traffic will go to the device)

    Select the protocol (TCP in our case)

    Set the port to 80 (for http)

     

    Repeat that for all ports you need

     

    Go to Policy & Objects > Policy & IPv4

    Create new

    Incoming Interface: wan1

    Source Address: all

    Outgoing Interface: internal

    Destination address: the objects created above (here server1_http)

    Service: http (or all services you want)

    Action: Accept

     

    Depending on your server you may need to enable NAT but keep it off if possible

     

    Select Security Profiles as needed and hit OK

    ede_pfau
    SuperUser
    June 12, 2015

    Hi,

     

    It does not matter whether ping is allowed on the 'internal' interface. Only the 'wan1' IF is affected.

    Please check these 2 points:

    1. Does the outgoing policy from 'internal' to 'wan1' allow PING? It might be a restricted set of services, not including ICMP/ping.

    2. Do you use 'Trusted Hosts' in System > Admin > Administrators?

     

    You posted that ping from the CLI does work - from which CLI? The Fortigate's or a command line on your host PC?