Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Rosh
New Contributor

VIP port forwarding

Hi,

 

I have an issue with forwarding VIP port for local web server. The web server itself has port for example:

Web server: 10.10.1.1:8081

WAN: 172.16.40.50

 

so if in the port forwarding setting when I enter:

External server port: 8080 or 8081

and map to : 8081

 

won't work. but for the other web servers without port will work fine.

 

Please advise.

Thank you 

 

 

1 Solution
seshuganesh
Staff
Staff

HI Team,

 

Can you share us the firewall policy screenshot? and output of these commands:

diag debug flow filter addr a.b.c.d (where in place of a.b.c.d give the public IP of the source machine from where there are trying to connect)

diag debug flow show function-name enable

diag debug flow trace start 1000

diag debug enable

 

once you execute the below commands try to connect, please disable the debug by executing this command:

diag debug disable

View solution in original post

4 REPLIES 4
seshuganesh
Staff
Staff

HI Team,

 

Can you share us the firewall policy screenshot? and output of these commands:

diag debug flow filter addr a.b.c.d (where in place of a.b.c.d give the public IP of the source machine from where there are trying to connect)

diag debug flow show function-name enable

diag debug flow trace start 1000

diag debug enable

 

once you execute the below commands try to connect, please disable the debug by executing this command:

diag debug disable

ntaneja
Staff
Staff

Hi Rosh

 

As per your post, it seems the web server has port 8081 to be used with IP.
External port depends on the way you are accessing the IP from internet

 

eg : http://172.16.40.50 >>> external port should be 80 and mapped port to be 8081

If you are using port 8081 while accessing from internet as well, then external and mapped can be 8081

 

Link to refer: https://docs.fortinet.com/document/fortigate/6.2.10/cookbook/155333/virtual-ips-with-port-forwarding

 

Thanks

Rosh
New Contributor

Hi @seshuganesh ,

 

Somehow it works now.

 

Thank you so much

Chandra_FTNT
Staff
Staff

Hi,

 

When you are creating VIP for port forwarding, if you enable Port Forwarding you must provide port from external and the port used internal.

 

As your web server using custom port 

Web server: 10.10.1.1:8081 

 

You must use external also with port number

WAN: 172.16.40.50:8081

 

You can specify the same port 8081 from external and internal as well. Please refer below KB:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configurati...