WAKE ON LAN FORTIGATE 60B

AFAIK WoL uses a specific MAC-Address (not IP Address)to send the magic packet to. Therefore it will only work in your local subnet and not over Internet. There are (according to google) WoL Proxys, but it is not implemented in the Fortigate.

I decided to test this, and yes it can be done. Wake-on-LAN packets can be sent to the local subnet, broadcast to another subnet, or directed unicast to a specific IP (the tool used to send the WOL packet must support the Unicast option). It also allows you to select a destination (UDP) port for the packet. You can create a Virtual IP to translate the UDP port to the internal IP. The magic packet will then be forwarded by the firewall to the IP and must contain the correct MAC address for the internal device. However, the internal device must be on and responding before the Virtual IP will work as the FortiGate must have seen the MAC address to update its arp table and cache the entry for VIP use. I don' t know how long it remains cached but it still works even after manually clearing the arp table on the FortiGate. Alternately, you can have the virtual IP directed to the broadcast address of the internal subnet. This would allow magic packets directed to any device in the subnet. This requires a configuration change: config system interface edit <external_intf_name> set broadcast-forward enable end However, notes from the FortiGate docs regarding broadcast-forward: " Use with caution. Enabling this option may make the FortiGate unit vulnerable to broadcast-based DoS attacks such as ping floods."

Ok, and did it work? Where can you setup the MAC address for the computer you need to wake it up? What menu?

Hi, I also tested this configuration for a customer. It works well in " internal" or " external" (via internet) configuration with the command " set broadcast-forward enable" ON Check also the policy when you test this feature. You can view the request with this CLI commands : diag debug enable diag debug flow filter port " Remote_port_WoL" diag debug flow show console enable diag debug flow trace start xxxx Many thanks Jmac ;-) With regards, Ju

Hi guys, Today made my mind to make this work. I started with dowloading a free WOL Software from the mighty Solarwinds. It worked from the same LAN, but no luck from outside. I VIP UDP 7, saw traffic coming on external interface but nothing more: diagnose sniffer packet any ' port 7' interfaces=[any] filters=[port 7] 18.561798 53.24.161.14.25362 -> 128.22.113.101.7: udp 102 18.562581 53.24.161.14.25362 -> 128.22.113.101.7: udp 102 I enabled broadcast-forward on wan1 interface and also created a static ARP for my internal IP: config system arp-table edit 12 set interface " internal" set ip 192.168.26.32 set mac 00:c4:93:a2:ae:e2 next end No luck. Then I installed some application from Android and worked as a charm. It is called: Wol Wake on Lan. All it' s required is to FWD UDP 9: edit " Wol9" set extintf " wan1" set portforward enable set mappedip 192.168.26.32 set protocol udp set extport 9 set mappedport 9 next and to create a static ARP entry so Fortigate will always know the MAC and IP of your computer (even when it is shutdown). Good luck to all! P.S. the IP and MAC from this example are fictive so don' t try to use them.

excellent info!!