rm_beginner
New Member
February 24, 2017
Question

Port forwarding in Fortigate 60B

  • 3 replies
  • 15850 views
Hi guys,

My Fortigate 60B is connected to a wireless DHCP router on WAN1. When I connected it, I set up my FTG network interface as DHCP, so I get 192.168.100.17, the default gateway and the DNS. In short, I have an Internet connection on my internal network, with 192.168.1.99 as the gateway to my internal network with a DHCP server.

I want to set up port forwarding for RDP on port 3389, so I created a virtual IP and the policy. Virtual IP: assigned port TCP 3389, external IP xxx.xxx.xxx.xxx and internal IP of my PC 192.168.1.101.

When I call the external IP, why is my port forwarding not working? What's wrong in my setup? Thank you.


    rwpatterson
    New Member
    February 24, 2017

    What device(s) are between the FGT and the Internet?

    rm_beginner
    New Member
    February 26, 2017

    Sorry for the late reply. The device is a HUAWEI HG8245T.

    ede_pfau
    SuperUser
    February 26, 2017

    What's wrong? There is no 192.168.1.x network on the WAN side of your FGT or the inside side of your internet router. It can't work this way.

    The FGT sees a packet with destination .1.101 and knows where to route it because the internal network is directly attached. But it needs a policy to allow this traffic.

    So you need a policy

    source IF: wan1

    source addr: all

    dest IF: internal

    dest addr: .1.101

    service: RDP (create custom service if non-existent)

    action: ACCEPT

     

    - note: you do not use a VIP here! -

     

    The port and IP translation happens on the Huawei router! It's not clear that you did this. The internet facing router needs to forward the traffic to the inside.

     

    BTW, 2 hints:

    1- for the transfer network 192.168.100, use static addresses and a network mask /29 - this network is not used anywhere else, and you need a known address for the port translation target. Use static gateway and DNS as well.

    2- if you know your public IP in advance (i.e. it's not assigned dynamically) then use it in System>Fortiguard in the 'override' field so that your FGT can use it to receive Fortiguard updates. Allow 'push updates' as well.

    support12
    New Member
    February 27, 2017

    "WHEN I CALL THE EXTERNAL IP WHY MY PORT FORWARDING IS NOT WORKING?"

    From where are you calling, what IP, and to which external IP?

    Let's say you are in a hotel in London: http://whatsmyip.com, then this is from where.

    And you said external IP; external to the Fortigate is a private IP, not reachable from the Internet.

    And external to the Huawei, good. You need to do a double publication; you are missing the publication from the Huawei router. Log on there and configure it.
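
An added illustration of the "double publication" described in the reply above (not part of the original thread, and not Fortinet or Huawei code): a small Python model that walks one inbound RDP connection through both NAT hops and reports where it stops. The public address 203.0.113.10 is a constructed placeholder for the masked one, and the FortiGate-side VIP on the wan1 address is an assumed second stage of that double publication.

```python
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"   # constructed placeholder for the masked public IP
FGT_WAN1 = "192.168.100.17"  # FortiGate wan1 address (from the thread)
RDP_HOST = "192.168.1.101"   # internal PC (from the thread)

@dataclass(frozen=True)
class Dnat:
    """One destination-NAT rule: (ext_ip, port) -> mapped_ip."""
    ext_ip: str
    port: int
    mapped_ip: str

def translate(rules, dst_ip, port):
    """Return the mapped IP of the first matching rule, else None."""
    for r in rules:
        if (r.ext_ip, r.port) == (dst_ip, port):
            return r.mapped_ip
    return None

def trace(huawei_forwards, fgt_vips, fgt_allowed, port=3389):
    """Follow one inbound TCP connection; return (outcome, final_dst)."""
    # Hop 1: the Huawei holds the public IP; without a forward nothing goes inward.
    dst = translate(huawei_forwards, PUBLIC_IP, port)
    if dst is None:
        return ("dropped at Huawei: no port forward", PUBLIC_IP)
    # Hop 2: the FortiGate only ever sees the already-translated destination.
    mapped = translate(fgt_vips, dst, port)
    if mapped is None:
        return ("dropped at FortiGate: no VIP matches " + dst, dst)
    if (mapped, port) not in fgt_allowed:
        return ("dropped at FortiGate: no wan1->internal policy", mapped)
    return ("delivered", mapped)

ALLOW = {(RDP_HOST, 3389)}                     # policy: wan1 -> internal, RDP
TO_FGT = [Dnat(PUBLIC_IP, 3389, FGT_WAN1)]     # hypothetical Huawei forward

def scenarios():
    return {
        # Assumed reading of the question: VIP on the public IP, no Huawei rule.
        "vip_only": trace([], [Dnat(PUBLIC_IP, 3389, RDP_HOST)], ALLOW),
        # Huawei forwards, but the VIP still lists the public IP.
        "vip_wrong_ext": trace(TO_FGT, [Dnat(PUBLIC_IP, 3389, RDP_HOST)], ALLOW),
        # Both hops publish: Huawei -> wan1, VIP on wan1 -> PC.
        "double": trace(TO_FGT, [Dnat(FGT_WAN1, 3389, RDP_HOST)], ALLOW),
        # VIP correct, but no policy permits the mapped address.
        "no_policy": trace(TO_FGT, [Dnat(FGT_WAN1, 3389, RDP_HOST)], set()),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:14} {result}")
```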

    rm_beginner
    New Member
    February 28, 2017

    Sir, there is no issue with my HUAWEI; it is working fine.

    The issue is what I am going to edit inside the HUAWEI, if I need to edit it.

    I know my external IP from the "what is my IP" site.

    Do I need to create port forwarding in the HUAWEI to the FTG, or what?

    What IP am I going to put: is it the FTG router or the FTG gateway?