Explorer

Question

How to Allow HIK Vision NVR to Fortigate

Forum|Forum|1 year ago
January 30, 2025
7 replies
5478 views

Hi guys I'm new to the forum.I hope you can help me set up CCTV port forwarding from Fortigate. I've created a virtual IP, opened the port, and allowed this on policy already but won't give the device the internet,The device has an IP,is pingable, and is accessible on the local network.Is there a workaround here, Platform Access offline error

FortiGate

Anthony_E

Staff

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Best Regards

Anthony_E

Staff

Hello,

We are still looking for someone to help you.

We will come back to you ASAP.

Regards,

Best Regards

grangermasfussAuthor

Explorer

thanks, @Anthony_E , I tried also to create a separate VLAN for this CCTV only but still the same issue encountered.

Anthony_E

Staff

Hello,

To allow a Hikvision NVR to communicate through a FortiGate firewall, you can follow these general steps:

**Create Firewall Policies**: Configure inbound and outbound firewall policies on the FortiGate to allow traffic from and to the Hikvision NVR. - Specify the source and destination interfaces, addresses, services, and actions (allow) in the policies.
**Port Forwarding**: If remote access is needed, set up port forwarding on the FortiGate to forward specific ports used by the Hikvision NVR to the NVR's internal IP address.
**Security Profiles**: Ensure that any security profiles (like antivirus, IPS, application control) are not blocking the NVR traffic.
**VPN Configuration** (if applicable): If the NVR needs to communicate securely over the internet, consider setting up an IPsec VPN tunnel between the NVR location and the FortiGate.
**Testing**: Test the connection to ensure that the Hikvision NVR can communicate with the necessary servers and devices.

Best Regards

grangermasfussAuthor

Explorer

Hi @Anthony_E ive done this already. open the TCP udp port of nvr and create policies, still fortigate wont give device the internet,

Hemin88

Explorer III

Hi @Anthony_E

What TCP ports have you allowed on that policy?

Make sure you have enabled 554, 8000 and 80

dingjerry_FTNT

Staff

Hi @grangermasfuss ,

You confused me a bit.

"but won't give the device the internet"

-- It seems that you are going to allow the HIK Vision NVR device to access Internet, correct?

However, you mentioned this " I've created a virtual IP, opened the port, and allowed this on policy already "

-- This is conflicted with the above.

1) Virtual IP

We usually use Virtual IP for inbound access from the Internet to an internal server.

For example, you have an internal server with an internal IP, but you need to allow Internet users to access it from the Internet. This is the use case with Virtual IP.

2) If you need to allow the HIK Vision NVR device to access the Internet from the internal network, you may enable NAT or use the IP Pool within the firewall policy allowing this traffic.

Please check the following docs for how to configure them:

https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/898655/static-snat

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-SNAT-with-IP-pool/ta-p/195322

grangermasfussAuthor

Explorer

hi, @dingjerry_FTNT will try this. thanks for the clarification.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded