Multiple port forward

vazexa · ‎04-10-2022

Hello,

I am a beginner with Fortigate and i am trying to connect an H.323 video conference system in my office in order to make conferences with remote locations but since i will connect the system behind NAT, i have to forward several ports to the video conference IP address.

After looking at the forums, etc. i understood how to forward a single port to an IP, using VIP but i cannot understand how to forward multiple ports or ports range to a single IP.

Can someone help me please?

thank you very much in advance!

akristof · ‎04-11-2022

Hi,

It has

"-" is separator.

Adrian

View solution in original post

vazexa · ‎04-11-2022

thank you!

Can you please let me know if SSH if it is enabled or disabled on the management port by default?

akristof · ‎04-11-2022

Hi,

Yes, SSH, HTTP, HTTPS and Ping are default protocols that are allowed.

Adrian

vazexa · ‎04-11-2022

one last question, how do i know which is the id of the policy i want to disable?

akristof · ‎04-11-2022

Hi,

Well, you can list them and identify it based on name/VIP/interfaces, etc.

show firewall policy

Also, usually, last policy is with the highest ID and it is last. So this can help you too.

Adrian

vazexa · ‎04-11-2022

you are very helpful!

Is it possible to tell me the CLI commands of how to list the policies?

akristof · ‎04-11-2022

Hi, I did:

show firewall policy

Adrian

vazexa · ‎04-12-2022

i actually did it!! I disabled the policy and now i have control over my fortigate again! Thank you very much!!

EEHC · ‎04-11-2022

First I want to explain something related to VOIP having two types of traffic. Signaling (H323 in your case) for call setup. RTP for conversation. The firewall listens to the call setup to know the RTP ports that should be opened. After call ends it close it.

I have a question, why you need to forward specific ports? do you use the same public IP for different applications or change the ports? If you create VIP, all coming traffic will be forwarded without changing the ports. I prefer to make VIP and control the ports from the policy.

EEHC

vazexa · ‎04-12-2022

Thank you very much for your feedback.

I want to operate an SVC video conference by Aver that supports H.323. I have made the port forwarding the user manual states (see below photo) but it does not operate ok. i.e. although I can see and hear the remote party, my camera and microphone are not being transmitted remotely. Do you think this has something to do with the firewall?

EEHC · ‎04-16-2022

It is a famous problem in VOIP "one-way audio". If you search for these words you will find several links for solving it. Here is one "http://info.teledynamics.com/blog/how-to-troubleshoot-one-way-and-no-way-audio-on-voip-calls"

You don't have to follow the exact steps. you need to get an idea about the root cause.

The problem is that the packets from one end don't reach the other end. The reason may be a routing problem that sends the packets in the wrong direction. Or it may be a firewall policy missed that allows these packets.

This is the idea. Keep in mind that the VOIP conversation be directly between the two ends not through the central call manager.

EEHC