Not applicable

Port range forwarding

When creating VIPs, using Port Forwarding (not Static NAT), it's not possible to enter a range of ports - each has to be entered separately. If there is an application that uses a range of say 25 ports (i.e. 2101-2125), each of them would have to be entered separately. That's a lot of work and clutter, where a quick fix would allow for entering ranges. Thanks, PRL
18 REPLIES
Not applicable

You should use the Firewall policies to allow multiple ports through on an interface. I'd only use VIP to NAT incoming traffic to an internal device which would normally use a public IP.
UkWizard
New Contributor

I think it's a good idea personally, be nice to say these ports ... either in a range or a list (like a comma-separated one). Problem with using static NAT each time Dean is, not many customers have that many external IP addresses and don't always want a dedicated external IP allocated to them.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

I would agree with this. There are $40 firewalls (as well as comparable firewalls from competitors) that can do this much more easily than FortiOS 2.80. I'd love to have the ability to register ranges of port addresses when creating VIPs. Thanks. David
kevanbrown
New Contributor

The lack of this feature is causing me a major headache. I want to use Vonage and have only a single public IP address off of the WAN1 interface. Vonage requires UDP 5060-5061, 53, 69, and 10000-20000. The first three are manageable as individual port forwarding virtual IPs. However, the third range of 10,001 ports is actually impossible to accomplish in the current FortiOS (2.80 MR9) as the upper limit (according to the max value matrix) is 500 virtual IPs (although I saw 1024 as the upper limit in the FortiGate-60 administration guide; conflicting documentation).
Not applicable

I agree, there should be an option to allow for this in the VIP configuration. Currently, there are two options, one for a static port forwarding and the other giving the ability to forward an outside port to a different inside port. It would do Fortinet well to make an option between these two they currently offer. Perhaps they could call it port range forwarding. The only issue I see is the possibility of overlapping external ports for forwarding internally, but when that happens, there are other issues. Any way you look at it, this needs to be taken care of.
Not applicable

Have run into this exact kind of problem with a couple of my customers, and another one just today. Still stuck w/ doing a static NAT and drilling down the accept policy in the firewall to accommodate only the port range that the customer wants. Right now the customer has a good argument which I have no way around, that is, why can a Firebox 2 manufactured more than 5 years ago be able to perform this exact functionality with ease, while a Fortinet box that is on top of today's technology is fumbling over such a trivial task. Right now I believe I can get by w/ eating up an External IP 'cause my customer has 8 usables. But still, it's a tough thing to make the customer realize, much less configure. I have yet to run into a customer which needs this functionality and does not have the external IP address to burn up. But if we do run into one, they only have one choice, and that's to go with a different firewall solution. I hope Fortinet puts this feature in, which I recall being requested even in v2.36, much less 2.80... If your customer needs to do a port range to multiple internal servers, better hope they have quite a large IP address pool on their external network assigned to them by their ISP...
Not applicable

I have the same problem, had to eat an extra IP. This was a simple task in the old DFL-700. Why can't this be fixed?
Not applicable

[Deleted by Admins]
Not applicable

I'm assuming Vonage is no longer an issue as MR10 seems to support port forwarding ranges - can anyone confirm Vonage/Other SIP phones work from behind a FG 2.8 MR10 unit? Thanks, TJ