ragno
New Member
December 29, 2014
Solved

How to open a different port


Hi!

 

I have a Fortigate-50B (system 4.0 MR3) model, and I have to open ports like 8080, 993, 465 because these ports are not listed under "Predefined" in "Services". All this traffic is being blocked by the firewall.

 

I tried to create port 8080 under "Custom" by defining the source and destination port low/high as 8080, but after placing it in a policy nothing changes and the port continues to be blocked.

What should I do to accomplish this simple task?

 

Thank you.


2 replies

Dave_Hall
New Member
December 29, 2014

It would help if you can define what you are trying to accomplish by opening these ports. Are you trying to allow traffic on those ports out (internal->WAN) or outside in (WAN->Internal)?

 

In a custom service, you generally define the dest/target (TCP/UDP) ports you want open -- the source or originating ports you (edit: usually) leave at 1-65535.

ragno (Author)
New Member
December 29, 2014

The traffic is Internal->WAN 

Dave_Hall (Answer)
New Member
December 29, 2014

Attached (top part) is a custom service (based on your requirements); (bottom part) is just a service group (on 5.0.9) grouping all the email services. (These are just examples.) Remember when you define your firewall policy -- move the rule up in the firewall chain so it gets executed.
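
The two points made in the replies above (leave the source port range at 1-65535, and place the allow rule high enough to be reached), shown as an added example that is not part of the original posts. It is a simplified first-match model, not FortiOS code; the service names, policy IDs, sample flows and the broad deny rule are constructed for illustration.

```python
"""Simplified model of first-match firewall policy evaluation (constructed example)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str
    dst: tuple               # (low, high) destination port range
    src: tuple = (1, 65535)  # source range; clients pick ephemeral ports

    def matches(self, sport, dport):
        return (self.src[0] <= sport <= self.src[1]
                and self.dst[0] <= dport <= self.dst[1])

@dataclass(frozen=True)
class Policy:
    pid: int
    services: tuple  # empty tuple means "any service"
    action: str

def evaluate(policies, sport, dport):
    """Return (policy id, action) of the first policy that matches, top down."""
    for p in policies:
        if not p.services or any(s.matches(sport, dport) for s in p.services):
            return p.pid, p.action
    return 0, "deny"  # implicit deny when no policy matches

# As first tried in the question: source AND destination pinned to 8080.
broken = Service("web-8080", dst=(8080, 8080), src=(8080, 8080))
# As advised in the reply: destination port only, source left at 1-65535.
fixed = tuple(Service(f"tcp-{p}", dst=(p, p)) for p in (8080, 993, 465))

# Constructed outbound flows: (ephemeral source port, destination port).
flows = [(49812, 8080), (51344, 993), (60211, 465)]

def results(policies):
    return [evaluate(policies, s, d) for s, d in flows]

block_all = Policy(1, (), "deny")              # hypothetical broad deny rule
allow_broken = Policy(2, (broken,), "accept")
allow_fixed = Policy(3, fixed, "accept")

if __name__ == "__main__":
    print("src pinned to 8080:", results([allow_broken]))
    print("allow below deny  :", results([block_all, allow_fixed]))
    print("allow moved up    :", results([allow_fixed, block_all]))
```
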

 

ragno (Author)
New Member
December 29, 2014

Ok Dave,

 

I did it the same way as you said and it worked perfectly!

 

Thank you!

Yeruel_Birku
New Member
March 14, 2018

Hi Team, Please help on the below.

I am looking for help with policy creation, NAT and port opening.

I have a public IP 197.156.Y.Y and a private IP 172.16.x.x (video conference codec server).

172.16.X.X --- static NAT to --- 197.156.Y.Y

And the ports should be opened as in the table below.

Function                        Port Range
--------------------------------------------------
Point to point call + People&Content
Gatekeeper Discovery (RAS)      1718-1719 UDP
Q.931 Call Setup                1720 TCP
Audio Call Control              1731 TCP
Video Range                     3230-3253 TCP/UDP
Audio Range                     3230-3253 TCP/UDP
Data/FECC Range                 3230-3253 TCP/UDP

ede_pfau
SuperUser
March 14, 2018

My advice: use a port-less (full) VIP and use a service group on the incoming policy. Much less effort than a dozen VIPs and one VIP group.