tftp not working over fortigate

I have a FortiGate 200D

On One Interface 2 I have 10.1.0.0/16 and on interface 3 I have a 10.8.0.0/16 Subnet.

There is a rule that allows TFTP from Interface 2 to Interface 3

Also there is a tftp session helper

But while traffic to the tftp server 10.1.1.8 arrives, the answer is blocked by the firewall.

What can I check.

tftp Server is definitely fine in the 10.1.0.0/16 subnet.

On all other Subnets the return traffic is blocked.

New Member

Whenever you have what appears to be a weird behavior, check in CLI the flow:

diagnose debug flow filter clear

diagnose debug flow filter daddr <YOURDST>

diagnose debug flow filter dport 69

diagnose debug flow show function-name enable --> if in 5.6, otherwise a tad different

diagnose debug flow show iprope enable --> if in 5.6, otherwise a tad different

diagnose debug flow trace start 50

Then issue a test, you'll for sure find your answer, maybe your session-helper is not well set and so the return packet is dropped by the firewall.

Another simple thing to test: does your tftp server have a gateway set up ? does your tftp server allow connections from other sources ?

Hope it helps

Sign up