Fortinet Forum
rm_beginner
New Contributor

Port forwarding in Fortigate 60B

Hi Guys, My Fortigate 60B is connected to a wireless DHCP router on WAN1. When I connected it, I set up my FTG network interface as DHCP, so I get 192.168.100.17, the default gateway and the DNS. In short, I have an Internet connection on my internal network, with 192.168.1.99 as the gateway to my internal network with a DHCP server. I want to set up port forwarding for RDP on port 3389, so I created a virtual IP and the policy. Virtual IP: assigned port TCP 3389, external IP xxx.xxx.xxx.xxx and internal IP of my PC 192.168.1.101. WHEN I CALL THE EXTERNAL IP, WHY IS MY PORT FORWARDING NOT WORKING? What's wrong in my setup? Thank you.
rwpatterson
Valued Contributor III

What device(s) are between the FGT and the Internet?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

rm_beginner

Sorry for the late reply. The device is a HUAWEI HG8245T.
ede_pfau
Esteemed Contributor III

What's wrong? There is no 192.168.1.x network on the WAN side of your FGT or the inside side of your internet router. It can't work this way.

The FGT sees a packet with destination .1.101 and knows where to route it because the internal network is directly attached. But it needs a policy to allow this traffic.

So you need a policy

source IF: wan1

source addr: all

dest IF: internal

dest addr: .1.101

service: RDP (create custom service if nonexistent)

action: ACCEPT

 

- note: you do not use a VIP here! -

 

The port and IP translation happens on the Huawei router! It's not clear that you did this. The internet facing router needs to forward the traffic to the inside.

 

BTW, 2 hints:

1- for the transfer network 192.168.100, use static addresses and a network mask /29 - this network is not used anywhere else, and you need a known address for the port translation target. Use static gateway and DNS as well.

2- if you know your public IP in advance (i.e. it's not assigned dynamically) then use it in System>Fortiguard in the 'override' field so that your FGT can use it to receive Fortiguard updates. Allow 'push updates' as well.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
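
The policy described in the reply above, written as FortiOS CLI. This is an added example, not part of the original posts: the object name `rdp-pc` and policy ID 10 are constructed, the predefined `RDP` service is assumed to exist (otherwise create a custom TCP 3389 service first, as the reply says), and exact keywords can differ between FortiOS versions.

```fortios
# Address object for the RDP target PC (name "rdp-pc" is constructed)
config firewall address
    edit "rdp-pc"
        set subnet 192.168.1.101 255.255.255.255
    next
end

# wan1 -> internal policy from the reply; no VIP is referenced
# (policy ID 10 is constructed; use any unused ID)
config firewall policy
    edit 10
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "rdp-pc"
        set action accept
        set schedule "always"
        set service "RDP"
    next
end
```

`srcaddr "all"` follows the reply; an address object listing the known client IPs in its place limits who can reach RDP through this policy.
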
rm_beginner

Thanks for the quick reply, Sir. I will try tomorrow; today is Sunday and I am off. This is what happened: the HUAWEI HG8245T is connected to the ISP and it was set up as DHCP with 192.168.100.1 as gateway, and all networks or PCs connected to that router will get 192.168.100.nnn. So I connected my FTG and set the FTG network interface to DHCP, and the ISP router gave 192.168.100.17 to my network interface. 192.168.1.99 is the FTG internal network gateway, and there is a DHCP server on my FTG network interface with range 192.168.1.110-210. So when I connect my PC I get 192.168.1.110. That is the IP address of the PC I want to RDP to. Thanks a lot.
rm_beginner

Hi all,

 

This is my SYSTEM->NETWORK... wan1 is assigned by DHCP, connected to HUAWEI HG8245T

Name: internal, IP / Netmask: 192.168.1.99 / 255.255.255.0

Name: wan1, IP / Netmask: 192.168.100.17 / 255.255.255.0

 

The DHCP setup of wan1 connected to HUAWEI HG8245T

Obtained IP/Netmask: 192.168.100.17/255.255.255.0

Acquired DNS: 192.168.100.1

Default Gateway: 192.168.100.1

How do I set up RDP on my PC 192.168.1.110?

 

Thank you.

rm_beginner

my dhcp_internal_server setup

rm_beginner

my target pc for RDP

rm_beginner

"The port and IP translation happens on the Huawei router! It's not clear that you did this. The internet facing router needs to forward the traffic to the inside."  

My reply: 

 

Maybe the port and IP translation happens on the Huawei, because when I set up port forwarding with my PC connected directly to the wireless, it works. But when I connect to the Fortigate it doesn't work.

Which one, Sir, am I going to edit according to the statement above: the HUAWEI or the FTG, to forward traffic to the inside?

 

Thanks

support12
New Contributor III

"WHEN I CALL THE EXTERNAL IP WHY MY PORT FORWARDING IS NOT WORKING?"

From where are you calling, what IP, and to which external IP?

Let's say you are in a hotel in London: http://whatsmyip.com, then this is the "from where".

And you said external IP; external to the Fortigate is a private IP, not reachable from the Internet.

And external to the Huawei, good. You need to do a double publication; you are missing the publication from the Huawei router. Log on there and configure it.