My Fortigate 60B is connected to a wireless DHCP router in WAN1.
When I connected it, I set up my FTG network interface as DHCP.
So I get 192.168.100.17, the default gateway and the DNS. In short, I have an Internet
connection on my internal network, with 192.168.1.99 as the gateway of my internal network, with a DHCP server.
I want to set up port forwarding for RDP on port 3389, so I created a virtual IP and the policy.
Virtual IP: assigned port TCP 3389, external IP xxx.xxx.xxx.xxx and internal IP of my PC 192.168.1.101.
When I call the external IP, why is my port forwarding not working?
What's wrong in my setup?
What's wrong? There is no 192.168.1.x network on the WAN side of your FGT or the inside side of your internet router. It can't work this way.
The FGT sees a packet with destination .1.101 and knows where to route it because the internal network is directly attached. But it needs a policy to allow this traffic.
So you need a policy
source IF: wan1
source addr: all
dest IF: internal
dest addr: .1.101
service: RDP (create custom service if non-existent)
- note: you do not use a VIP here! -
The port and IP translation happens on the Huawei router! It's not clear that you did this. The internet facing router needs to forward the traffic to the inside.
BTW, 2 hints:
1- for the transfer network 192.168.100, use static addresses and a network mask /29 - this network is not used anywhere else, and you need a known address for the port translation target. Use static gateway and DNS as well.
2- if you know your public IP in advance (i.e. it's not assigned dynamically) then use it in System>Fortiguard in the 'override' field so that your FGT can use it to receive Fortiguard updates. Allow 'push updates' as well.
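The policy and hint 1 from the answer above, written out as FortiOS CLI. This is an added example, not part of the original answer. The object name pc-rdp and the static address 192.168.100.2 are constructed, and the exact syntax is assumed and can differ between FortiOS versions.

```fortios
# Added example. "pc-rdp" and 192.168.100.2 are constructed values.

# Hint 1: static address on the transfer network (/29) instead of DHCP
config system interface
    edit "wan1"
        set mode static
        set ip 192.168.100.2 255.255.255.248
    next
end

# Static default route to the Huawei router (192.168.100.1 per the thread)
config router static
    edit 1
        set device "wan1"
        set gateway 192.168.100.1
    next
end

# Host object for the RDP target on the internal network
config firewall address
    edit "pc-rdp"
        set subnet 192.168.1.101 255.255.255.255
    next
end

# Custom service, needed only if no RDP service is predefined
config firewall service custom
    edit "RDP"
        set tcp-portrange 3389
    next
end

# wan1 -> internal policy with a plain address object, no VIP.
# NAT stays disabled on this policy: the port and IP translation
# is done on the upstream router.
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "pc-rdp"
        set action accept
        set schedule "always"
        set service "RDP"
    next
end
```

With this in place, the forwarding rule on the Huawei router is the remaining piece, and its target has to be an address the FGT will accept and route under this policy.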
Thanks for the quick reply, Sir. I will try tomorrow; today is Sunday and I am off. This is what happened: the HUAWEI HG8245T is connected to the ISP and it was set up as DHCP with gateway 192.168.100.1, and all networks or PCs connected to that router will get 192.168.100.nnn. So I connected my FTG and set its network interface to DHCP, and the ISP router gave 192.168.100.17 to my network interface. 192.168.1.99 is the FTG internal network gateway, and there is a DHCP server on my FTG network interface with range 192.168.1.110-210. So when I connect my PC I got 192.168.1.110; that is the IP address of my PC that I want to RDP to.
Thanks a lot.