Skip to main content
Rosh
Rosh
New Member
June 2, 2022
Solved

VIP port forwarding

  • June 2, 2022
  • 4 replies
  • 3125 views

Hi,

 

I have an issue with forwarding VIP port for local web server. The web server itself has port for example:

Web server: 10.10.1.1:8081

WAN: 172.16.40.50

 

so if in the port forwarding setting when I enter:

External server port: 8080 or 8081

and map to : 8081

 

won't work. but for the other web servers without port will work fine.

 

Please advise.

Thank you 

 

 

Best answer by seshuganesh

HI Team,

 

Can you share us the firewall policy screenshot? and output of these commands:

diag debug flow filter addr a.b.c.d (where in place of a.b.c.d give the public IP of the source machine from where there are trying to connect)

diag debug flow show function-name enable

diag debug flow trace start 1000

diag debug enable

 

once you execute the below commands try to connect, please disable the debug by executing this command:

diag debug disable

4 replies

seshuganesh
Staff
seshuganeshAnswer
Staff
June 2, 2022

HI Team,

 

Can you share us the firewall policy screenshot? and output of these commands:

diag debug flow filter addr a.b.c.d (where in place of a.b.c.d give the public IP of the source machine from where there are trying to connect)

diag debug flow show function-name enable

diag debug flow trace start 1000

diag debug enable

 

once you execute the below commands try to connect, please disable the debug by executing this command:

diag debug disable

ntaneja
Staff & Editor
ntaneja
Staff & Editor
June 2, 2022

Hi @Rosh

 

As per your post, it seems the web server has port 8081 to be used with IP.
External port depends on the way you are accessing the IP from internet

 

eg : http://172.16.40.50 >>> external port should be 80 and mapped port to be 8081

If you are using port 8081 while accessing from internet as well, then external and mapped can be 8081

 

Link to refer: https://docs.fortinet.com/document/fortigate/6.2.10/cookbook/155333/virtual-ips-with-port-forwarding

 

Thanks

Rosh
RoshAuthor
New Member
June 2, 2022

Hi @seshuganesh ,

 

Somehow it works now.

 

Thank you so much

Chandra_FTNT
Staff & Editor
Chandra_FTNT
Staff & Editor
June 2, 2022

Hi,

 

When you are creating VIP for port forwarding, if you enable Port Forwarding you must provide port from external and the port used internal.

 

As your web server using custom port 

Web server: 10.10.1.1:8081 

 

You must use external also with port number

WAN: 172.16.40.50:8081

 

You can specify the same port 8081 from external and internal as well. Please refer below KB:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configuration/ta-p/198143

 

Terms & ConditionsAccessibility statement