rpall1988
New Contributor

Fortigate 40F could not open port and policies are wrong

Hi there,

 

I want to open some ports on my Forti 40F, but I can't do this. I read on the internet, but under Policy & Objects I have no button for IPv4.

rpall1988_0-1657533172855.png

Any ideas what I am doing wrong?

 

Yurisk
Valued Contributor

The 1st screenshot shows how to create a VIP, in the example from external IP of 10.10.10.128 to internal 172.20.20.218, mapping/port-forwarding external port 8080 to internal 80. 

https://yurisk.info/2021/05/24/perform-snat-and-dnat-on-the-same-traffic-in-fortigate/ 

 

Otherwise, bring screenshots of what you are trying to do.

 

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
rpall1988

Hi Yuri,

 

Many thanks. What I want to do: in my network there are 10 clients, IPs managed from a server. Now I have the challenge that our program for using Evva Airkey needs port 50743 to connect the coding station. I have set a VIP source 213.164.21.5 and TCP port 50743, also for UDP, and my internal addresses to the clients.... but it could not connect.

rpall1988_0-1657703887948.png

rpall1988_1-1657704019655.png

 

This is my first time using the FortiGate... I have no idea.

 

 

 

 

Muhammad_Haiqal

Hi @rpall1988 ,

Your VIP configuration is correct. However, this VIP is not "Active" yet.

Please create a Firewall policy to use this VIP.

 

Source: Any

Destination : Evva, Evva_UDP (this is your VIP configuration)

Services : Any

NAT: Disabled

Action : Allow
Apply

Test it and let us know if this works.
Then, consider fine-tuning the above policy to allow only port 50743.

Hope that helps.

haiqal
Yurisk
Valued Contributor

Your VIP looks correct, it translates connections incoming to the WAN IP 213.164.21.5 on port 50743 TCP/UDP inbound to the internal IP you set.  So, most probably the destination server in LAN does not listen on this port 50743 for incoming connections. Do you have means of checking this server directly from LAN - trying to connect to it? 

 

BTW, it is probably not a good idea to open incoming port 50743 from any IP on the Internet, consider narrowing the source IP to specific ones.

 

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
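
The policy steps from the two replies above (the firewall policy that activates the VIP, then narrowing the source and the service to port 50743), written as FortiOS CLI. This is an added example, not posted by anyone in the thread: the VIP names Evva and Evva_UDP come from the thread, while the interface names `wan` and `lan`, the object names, the policy name and the source address 198.51.100.10 are assumptions.

```fortios
# Added example (not from the thread). Lines starting with # are annotations.
# Assumed: interfaces "wan" and "lan", all object and policy names below,
# and the allowed source 198.51.100.10 (constructed, documentation range).

# Address object for the permitted source, used instead of "all"
config firewall address
    edit "Airkey_Allowed_Src"
        set subnet 198.51.100.10 255.255.255.255
    next
end

# Service object limited to the single port the thread needs, TCP and UDP
config firewall service custom
    edit "Airkey_50743"
        set tcp-portrange 50743
        set udp-portrange 50743
    next
end

# WAN-to-LAN policy that puts the existing VIPs "Evva" and "Evva_UDP" to use.
# For the first test suggested in the thread, srcaddr would be "all" and
# service would be "ALL"; the values below are the narrowed form.
config firewall policy
    edit 0
        set name "WAN-to-Airkey"
        set srcintf "wan"
        set dstintf "lan"
        set srcaddr "Airkey_Allowed_Src"
        set dstaddr "Evva" "Evva_UDP"
        set action accept
        set schedule "always"
        set service "Airkey_50743"
        set nat disable
        set logtraffic all
    next
end

# Watch whether packets for the port arrive on WAN and leave toward the LAN
diagnose sniffer packet any "port 50743" 4
```

If the sniffer shows packets leaving toward the LAN host with no reply, the question raised above applies: whether the internal host is listening on port 50743 at all.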
anikolov
Staff

Hello rpall1988,

 

Please check the KB below, it explains how to implement a VIP. Please don't forget to make a firewall policy to implement the VIP from outside to inside:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-Virtual-IPs-to-configure-port-forwar...

 

Please let me know if this helps.

 

Regards,

Aleksandar Nikolov
rpall1988
New Contributor

I tried it again; now I have made some VIPs including the ports 443 and 50743 that I need for my coding station (including also my public IP).

rpall1988_3-1657894922815.png

 

 

Let me explain: Airkey needs port 50743 for my coding station so that I can make some keys; also my computer needs the open port 50743. I made a hotspot to see if I have some issues in my setup, but there it works, my station gets connected. When it's connected in my web browser (Edge, Chrome, Firefox) and I go back to my "normal" network (no hotspot) it works....

rpall1988_1-1657894709847.png

 

 

I made the policy:

rpall1988_2-1657894751457.png

[cry] But it won't work... I can ping the webpage, but the port is closed...

 

Regards

 

Muhammad_Haiqal

Hi @rpall1988 ,

Everything looks good in your configuration.
This needs further checking. I would suggest calling Fortinet Support here: https://www.fortinet.com/support/contact.html

Support will verify whether the issue is at the FortiGate level or not.

 

haiqal