First off, I'm sure I've done something wrong, fully willing to admit it. I very recently upgraded to a Fortigate 60C from a 60B (Boss gave it to me for training purposes) and I had no issues with port forwarding on the older unit. Worked like a charm.
Now I'm running the 60C, I can't seem to get the port forward to work.
First off, I'm running the following:
Device: Fortigate 60C (Rev. 1)
Firmware: v5.2.2,build642 (GA)
Internal Switch Mode: Interface (just to match our work environment for learning/testing purposes)
Security Features: All of them have been turned off for this testing (No AV, Intrusion Protection, etc.)
I'm trying to do a port forward for a game server on my internal network. I've configured the server as a reserved DHCP so it will always have the same IP. I've created a Virtual IP for the port that needs to be forwarded (picture), then created a VIP Group and put the VIP into it. Then, I've created an IPv4 policy to forward traffic from my WAN port to the VIP Group, allowing all services, enabling the NAT and logging traffic (picture). To clarify, the 'Outside_Telus' address group looks like this: (picture)
As far as I know, that's all that is needed to get a port forward to work. When I do a specific NMap scan of the port, it says 'open|filtered', but the game server is not available in the games browser. I've tried to force the game to connect to the server directly, but so far no luck.
Please let me know if anyone needs more information to help me solve this. I'll update if I figure it out.
Your output is for UDP. Is this vip-forward doing UDP and TCP? Also, do you have the correct fwpolicies and port(s)?
Yep, it's UDP on the port in question. I opened up a port for an FTP server on the same computer under TCP, so I then created a VIP group and put both VIPs (12067 UDP, 9400 TCP) into the group. They both point to the same IP address.
As for the fwpolicies, I've selected 'ALL' under destination services which should allow all traffic to the destination addresses, should it not?
I'll try out the diags later when I'm not at home.