Contributor
August 22, 2008
Question

How to open port on Fortigate-FG200A

Hi all, I am using a FortiGate 200A. I want to open port 1352 so that people outside the LAN can connect to it. I created a Custom Service under Firewall -> Service, and I used this tool to test it: https://www.grc.com/x/ne.dll?bh0bkyd2 It said the port status is STEALTH. What does this mean? I think the port is still not open yet. Could someone tell me how to open this port? Thanks.


    lmuir
    New Member
    August 22, 2008
    Is this for a notes server? I suggest you try the application externally rather than an online tool.
    g3rman
    New Member
    August 23, 2008
    Hi Chome, let's assume the following example scenario and that you want to allow users from the Internet to access a server on your LAN.

    Your External IP Addresses: 50.50.50.1 - 50.50.50.100
    Your Internal IP Addresses: 192.168.100.1 - 192.168.100.255
    Your firewall: WAN1 = 50.50.50.1, Internal = 192.168.1.1

    In the GUI go to: Firewall -> Virtual IP
    Click "Create New"
        Name = Some server name (example: nat-50.50.50.8)
        External Interface = WAN1
        Type = Static NAT
        External IP = 50.50.50.8
        Mapped IP = 192.168.100.8
    This creates a mapping of 50.50.50.8 to 192.168.100.8

    Now go to: Firewall -> Policy
    Click "Create New"
        Source Interface = WAN1
        Source Address = all
        Destination Interface = Internal
        Destination Address = nat-50.50.50.8
        Service = The custom service port you defined
    Leave all other options as default and click "OK"

    You now have a static Network Address Translation and a rule to allow traffic to that machine from the Internet on a specific port. Let me know if that works for you.
    Contributor
    August 27, 2008
    What do you mean by try the application externally? I am using this for the Lotus Notes DOLS service. g3rman, I have tried your method. But according to the user on the other end, they still can't telnet to 1352. Is there any way to test whether port 1352 is open?
    g3rman
    New Member
    August 27, 2008
    From a machine connected to the Internet outside the firewall do this from the command line:

        telnet x.y.z.q 1352

    where x.y.z.q is the Virtual IP address you have configured on your firewall.
    Contributor
    August 27, 2008
    Yeah, I have tried telnet externalIP 1352 but the connection failed. Don't know what is happening.
    g3rman
    New Member
    August 27, 2008
    Couple of things to check:
    - Verify that the Virtual IP you created is on the same subnet as your external interface
    - Verify that the Virtual IP maps to the correct internal or dmz address
    - Verify that your rules are set up correctly: from external to internal or dmz, source: any, destination: VIP, service 1352
    You can hover your mouse over the different parts of the policy to make sure there are no typos in your config. If that doesn't work maybe you can send me a private message and I can take a look at your config.
    Contributor
    August 27, 2008
    I have created a Custom Service: Notes TCP/1352:1352. After that I included this "Notes" in the Group for my server with members: HTTP, HTTPS, POP3, SMTP, Notes. Then I tried to telnet to 1352 and failed to connect. But if, let's say, I include the predefined TCP service in the Group then I can successfully telnet to 1352. Why is that so?
    StefanK
    New Member
    August 27, 2008
    Hello chome, would you mind posting your custom service? It should look something like

        edit "Notes"
            set protocol TCP
            set tcp-portrange 1352-1352:1-65535
        next

    Also, you might want to try a "diag snif pack" trace on your connection. g3rman's rules seem sound... Best regards
    Contributor
    August 28, 2008
    After I changed the configuration, it works now:

        Protocol: TCP
        Source Port: Low 1, High 65535
        Destination Port: Low 1352, High 1352

    So the problem is that I entered the wrong port for the source port initially (I keyed in 1352). Is this configuration safe, opening source ports 1 to 65535?
    g3rman
    New Member
    August 28, 2008
    Yes, that's ok and required. The source ports for the connection are always random. Probably 99% of all ports are defined that way. Unless you know what source ports people are using, you are ok to configure it this way.
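The whole thread as one annotated FortiOS CLI fragment, added here as an example and not posted by anyone in the thread: chome's original service definition with the source port pinned to 1352 beside the corrected one from StefanK's reply, followed by g3rman's VIP and policy. It assumes the CLI syntax of the FortiOS releases a 200A ran, interface names "wan1" and "internal", and the addresses from g3rman's example scenario; the lines starting with "#" are annotations, not part of the configuration.

```text
# Service as first defined: destination 1352, source pinned to 1352.
# The tcp-portrange format is <dst-low>-<dst-high>:<src-low>-<src-high>.
# A client's source port is ephemeral (random), so almost nothing matches
# this service; unmatched inbound traffic is dropped with no reply, which
# is exactly what an external scanner reports as "stealth".
config firewall service custom
    edit "Notes-wrong"
        set protocol TCP
        set tcp-portrange 1352-1352:1352-1352
    next
end

# Corrected service: destination 1352, any source port.
config firewall service custom
    edit "Notes"
        set protocol TCP
        set tcp-portrange 1352-1352:1-65535
    next
end

# Static NAT from the public address to the Notes server on the LAN
# (assumed addresses from g3rman's example).
config firewall vip
    edit "nat-50.50.50.8"
        set extintf "wan1"
        set extip 50.50.50.8
        set mappedip 192.168.100.8
    next
end

# Inbound policy: destination restricted to the VIP and service restricted
# to "Notes", so this rule exposes only TCP/1352 on that one host.
# "edit 0" lets the unit allocate the next free policy ID.
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "nat-50.50.50.8"
        set action accept
        set schedule "always"
        set service "Notes"
    next
end
```

Compare the two tcp-portrange lines to see why the wide source range is required rather than a weakness: it describes the client's ephemeral port, while the destination stays limited to 1352 and the policy limits which host it reaches.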