syldor
New Member
November 4, 2015
Question

External access to web server


Hi there,

 

I'm trying to allow external access to an internal web server controlled by a FortiGate 300D unit.

I have a web server at internal address 10.18.1.22 listening on port 3000. Access ok from the network.

My network only has one external IP address EXT_IP (that I can see when going on whatismyip.com).

I want to open external access to the server so I did the following:

  • Create a virtual IP

    External IP Address: EXT_IP

    Mapped IP Address: 10.18.1.22

    External Service Port: 3000-3000

    Map to Port: 3000-3000

  • Create a new policy (IPv4)

    Incoming interface: Port 2 (External)

    Source Address: all

    Outgoing Interface: Port 1 (Internal)

    Destination Address: My Virtual IP

    Service: HTTP, HTTPS

    Additional information:

    Port 2 (External) is an interface with address EXT_IP and PING, HTTPS and HTTP access.

    I thought that with this configuration, I could go to:

    http://EXT_IP:3000 and access my web server, but it's not the case, nothing happens.

    What am I missing?

    Many thanks,


    • 2 replies

      Shridhar
      New Member
      November 4, 2015

      Make the changes below in the policy.

      Incoming interface: Port 2 (External)
      Source Address: all
      Outgoing Interface: Port 1 (Internal)
      Destination Address: My Virtual IP
      Service: PORT_3000

      syldor
      Author
      New Member
      November 4, 2015

      Do you mean creating a service with port 3000 redirection?

      Actually I tried Service: all and all_udp and it's still not working.

      Should I wait between updating rules and trying to access with my browser?

      Thanks anyway,


      Shridhar
      New Member
      November 4, 2015

      Just create a new service, Port_3000, in the firewall, and attach that service in the policy.

      If you allowed all, it won't work.
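
Added example, not part of the original thread: a simplified Python model of why a policy whose service list is HTTP, HTTPS does not match traffic forwarded by the port-3000 virtual IP, while a custom PORT_3000 service does. The EXT_IP value is a constructed placeholder, and the matching logic (service compared with the mapped port after translation) is a simplification of the firewall's behaviour, not vendor code.

```python
# Simplified model (an assumption, not FortiOS code) of how a port-forwarding
# virtual IP and a firewall policy's service list combine.
from dataclasses import dataclass

EXT_IP = "203.0.113.10"  # constructed placeholder for the thread's EXT_IP

# Services as (protocol, low port, high port). HTTP and HTTPS are the usual
# predefined TCP/80 and TCP/443; PORT_3000 is the custom service from the reply.
SERVICES = {
    "HTTP": ("tcp", 80, 80),
    "HTTPS": ("tcp", 443, 443),
    "PORT_3000": ("tcp", 3000, 3000),
}

@dataclass(frozen=True)
class VirtualIP:
    ext_ip: str
    ext_ports: range
    mapped_ip: str
    mapped_ports: range

    def translate(self, dst_ip, dst_port):
        """Return (mapped_ip, mapped_port), or None if the VIP does not apply."""
        if dst_ip != self.ext_ip or dst_port not in self.ext_ports:
            return None
        offset = dst_port - self.ext_ports.start
        return self.mapped_ip, self.mapped_ports.start + offset

def policy_allows(vip, services, dst_ip, dst_port, proto="tcp"):
    """True if a policy with this VIP as destination and these services accepts the packet."""
    mapped = vip.translate(dst_ip, dst_port)
    if mapped is None:
        return False  # destination is not the VIP, so the policy never matches
    # The service is compared with the port after translation (the mapped port).
    return any(p == proto and lo <= mapped[1] <= hi
               for p, lo, hi in (SERVICES[name] for name in services))

# The virtual IP from the question: EXT_IP:3000 -> 10.18.1.22:3000
VIP = VirtualIP(EXT_IP, range(3000, 3001), "10.18.1.22", range(3000, 3001))

if __name__ == "__main__":
    for services in (["HTTP", "HTTPS"], ["PORT_3000"]):
        print(services, "->", policy_allows(VIP, services, EXT_IP, 3000))
```
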

      gschmitt
      New Member
      November 5, 2015

      syldor wrote:

      My network only has one external IP address EXT_IP (that I can see when going on whatismyip.com).

      This does by no means mean that you only have one public IP address.

      Check your interface settings and kindly let us know the last octet (digits behind the last dot) and the subnet mask.

      syldor
      Author
      New Member
      November 5, 2015

      You are right, I just meant that I entered the IP address that I found in whatsmyip.com. It turns out that the mask is 255.255.255.248 and "whois info" on my IP gives me a range of IPs, so I may not have only one.

      The access is now possible from the outside using my internal interface. I now would like to change that to do it through a DMZ interface. I'll open a new thread for that cuz it's not working, maybe a hardware (connection) issue.

      Thanks everyone,