mubashar
New Member
February 6, 2024
Question

TCP handshake between servers

The scenario is:

Server1(192.168.31.65)-fortigateA---MPLS_VPN---fortigateB-Server2(172.16.31.23)

We are making an ADC on the fortigateB side.

Whenever server2 checks specific ports like 3268, 3269, 88 towards Server1 (used in the Active Directory environment) with the following command, everything goes normally: all ports are in listening state.

Test-Netconnection 192.168.31.65 -port 3269

But whenever we do this from server1 towards server2, ports like (389, 88, 3268) are closed:

Test-Netconnection 172.16.31.23 -port 3269

We have checked the rules; the services and the source/destination are fine on both sides, but the problem is always from the server1 side.

The following is a picture from the server1 side:

tcp-handshake.png

What could be the reason here?

2 replies

AEK
SuperUser
February 6, 2024

Hello

First check that the mentioned ports are listening on server2. You can use one of the following commands on server2:

  • netstat -an
  • Test-Netconnection 172.16.31.23 -port 3269

After that, you can use the following command on FortiGateB to see if the traffic through the VPN tunnel is reaching serverB:

  • diag snif packet any 'host 172.16.31.23 and port 3269' 4
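As an added illustration of the check AEK describes (this is not code from either reply, nor a Fortinet tool), the small Python checker below does what Test-NetConnection's TcpTestSucceeded flattens into a single true/false: it records whether the remote side answered the SYN with a SYN-ACK (open), with a RST (closed, i.e. reachable but nothing listening), or not at all within the timeout (filtered, i.e. the SYN or SYN-ACK was dropped somewhere on the path, which is where the FortiGate debug flow and sniffer come in). The hosts and AD ports are the ones from the question; the function names and the loopback self-check are assumptions of this example.

```python
"""Classify TCP connect outcomes so a failed port test is read correctly.

Added example for this thread, not code from the replies or from Fortinet.
A refused connection (RST) and a silent timeout point at different causes:
RST  -> host reachable, service not listening on that port (check netstat -an)
none -> SYN or SYN-ACK dropped on the path (check firewall policy / routing)
"""
import socket
from typing import Dict, List, Tuple

# Hosts and ports taken from the question in the thread.
SERVER1 = "192.168.31.65"
SERVER2 = "172.16.31.23"
AD_PORTS: List[int] = [88, 389, 3268, 3269]

OPEN = "open"                # SYN-ACK received: three-way handshake completed
CLOSED = "closed"            # RST received: host reachable, nothing listening
FILTERED = "filtered"        # no reply in time: SYN (or SYN-ACK) dropped on the path
UNREACHABLE = "unreachable"  # local stack could not route or send the SYN at all


def classify_port(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt one TCP connect and map the outcome to a diagnostic class."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return OPEN
    except ConnectionRefusedError:      # RST came back from the peer
        return CLOSED
    except socket.timeout:              # nothing came back before the deadline
        return FILTERED
    except OSError:                     # e.g. "Network is unreachable" locally
        return UNREACHABLE


def scan_ports(host: str, ports: List[int], timeout: float = 3.0) -> Dict[int, str]:
    """Classify every port in the list against one host."""
    return {port: classify_port(host, port, timeout) for port in ports}


def interpret(results: Dict[int, str]) -> str:
    """Turn a per-port result map into the next troubleshooting step."""
    classes = set(results.values())
    if classes == {OPEN}:
        return "all ports open: handshake completes end to end"
    if FILTERED in classes:
        return ("some ports filtered: SYN or SYN-ACK never arrived; check firewall "
                "policy and routing on the path (debug flow / sniffer on the FortiGate)")
    if CLOSED in classes:
        return ("some ports closed: host answered with RST; confirm the service is "
                "listening on that port (netstat -an) before blaming the firewall")
    return "host unreachable from this machine: check local routing first"


def loopback_self_check(timeout: float = 1.0) -> Tuple[str, str]:
    """Verify the classifier offline: a loopback listener, then the same port closed.

    Constructed check for this example; returns (result while listening,
    result after the listener is closed), expected (OPEN, CLOSED).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = classify_port("127.0.0.1", port, timeout)
    srv.close()                         # nothing listens on that port any more
    after_close = classify_port("127.0.0.1", port, timeout)
    return while_listening, after_close


if __name__ == "__main__":
    # Run from server1 and from server2 and compare the two tables.
    for target in (SERVER1, SERVER2):
        results = scan_ports(target, AD_PORTS)
        print(f"== {target} ==")
        for port, state in results.items():
            print(f"  tcp/{port:<5} {state}")
        print("  ->", interpret(results))
```

Run it from server1 against 172.16.31.23 and from server2 against 192.168.31.65: if server1 sees "filtered" where server2 sees "open", the SYN (or the returning SYN-ACK) is being dropped in that direction, which is exactly what the FortiGateB sniffer and debug flow should confirm; if server1 sees "closed", server2 is answering with a RST and the port is simply not listening from that path.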
hbac
Staff
February 6, 2024

Hi @mubashar,

Please collect debug flow to see if the traffic is being dropped: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connectivity/ta-p/192560

Regards,