ArifS
New Member
March 28, 2023
Solved

How to open ports


I want to access our backup software on HTTPS port 8015. I created a virtual IP with source IP/port and destination IP/port. Created services with custom port 8015. Created a policy to allow traffic on port 8015. But so far I am not able to access the interface over the internet. I also checked the logs and don't see any requests hitting the firewall. I created an RDP access rule, which is working fine.

5 replies

sw2090
SuperUser
March 28, 2023

Basically, to forward a port on a fgt you create a VIP and set the necessary values. Mostly, setting the destination IP and port is enough.

Then create a policy setting the required source and the VIP as destination, and probably allow the service.

Example:

You want to come from the internet and access internal server 192.168.1.23 via 443/tcp (= HTTPS), with the server connected to port1 and the internet on wan1.

VIP:

  • source ip: any
  • destination ip: 192.168.1.23
  • source port: 1-65535
  • destination port: 443

Policy (allow wan1 to port1):

  • source interface: wan1
  • destination interface: port1
  • source address: all
  • destination address: your VIP from above
  • service: HTTPS

And probably you might need to enable NAT here (not sure?)


ArifS
Author, Answer
New Member
March 30, 2023

Issue resolved. The issue was in the AWS security group, which was only allowing ports 443 and 3389. As soon as I allowed all traffic, I can access the server from outside through the FortiGate.

parteeksharma
Staff
April 10, 2023

Hi ArifS,

Hope you are doing good.

To open the port from the outside internet to the inside DMZ of the FortiGate and access services based on that, you need to enable VIP port forwarding. Kindly check the link below for VIP port forwarding:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configuration/ta-p/198143

Regards,
Parteek  

Olivia_7
New Member
April 10, 2023

RDP over the Internet requires port forwarding. You can follow this tutorial to forward the RDP port: Remote Desktop Port Forwarding. If you are inaccessible outside the network, check the firewall settings and the antivirus software.

sareefbaccha61
New Member
April 10, 2023

To answer your question, you go into your router's port forwarding settings and set it to forward an external port to an internal IP and port. You probably knew this and are getting stuck in the process.


ArifS
Author
New Member
April 10, 2023

Port forwarding through FortiGate worked after I opened the AWS-side ports. I can see the traffic on whichever ports I open now.

Thank you everyone.
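
The root cause in this thread was the AWS security group in front of the FortiGate, not the VIP or the policy. The following Python script is an added example, not code from the thread, Fortinet or AWS: it checks whether a security group's inbound rules admit a given port and source, and shows a single-port rule for 8015 as the narrow alternative to allowing all traffic. The JSON is a constructed sample in the shape `aws ec2 describe-security-groups` returns, `sg-EXAMPLE` and the addresses are placeholders, and only IPv4 `IpRanges` are evaluated (IPv6 ranges, prefix lists and group references are ignored).

```python
import copy
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Mirrors the thread: only 443 and 3389 are allowed. Group ID is a placeholder.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}
""")["SecurityGroups"]


def rule_matches(perm, port, src_ip, proto="tcp"):
    """True if one IpPermissions entry admits proto/port from src_ip (IPv4 only)."""
    if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
        port_ok = True
    elif perm["IpProtocol"] == proto:
        port_ok = perm["FromPort"] <= port <= perm["ToPort"]
    else:
        return False
    src = ipaddress.ip_address(src_ip)
    return port_ok and any(src in ipaddress.ip_network(r["CidrIp"])
                           for r in perm.get("IpRanges", []))


def inbound_allowed(groups, port, src_ip, proto="tcp"):
    """IDs of the groups whose inbound rules admit the traffic."""
    return [g["GroupId"] for g in groups
            if any(rule_matches(p, port, src_ip, proto)
                   for p in g["IpPermissions"])]


def with_tcp_rule(groups, group_id, port, cidr):
    """Copy of groups with one single-port, single-CIDR inbound rule added."""
    groups = copy.deepcopy(groups)
    for g in groups:
        if g["GroupId"] == group_id:
            g["IpPermissions"].append({"IpProtocol": "tcp", "FromPort": port,
                                       "ToPort": port,
                                       "IpRanges": [{"CidrIp": cidr}]})
    return groups


if __name__ == "__main__":
    for port in (443, 3389, 8015):
        print(port, inbound_allowed(SAMPLE, port, "203.0.113.10") or "blocked")
    fixed = with_tcp_rule(SAMPLE, "sg-EXAMPLE", 8015, "203.0.113.0/24")
    print(8015, inbound_allowed(fixed, 8015, "203.0.113.10"))
```

A "blocked" result for 8015 on the sample matches the symptom in the question: the security group sits in front of the FortiGate, so no request for that port appeared in the firewall logs.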