okorosylvester
New Contributor

AD with fortinet integration not working

Firewall_Robot # exec telnet 10.69.73.2 8000
Trying 10.69.76.2...
Timeout!
Failed to connect to specified unit.
Console line is in use. Clear it before next try.

 

Can I change the port? Anybody with a solution, please send.

Sylvester Okoro
okorosylvester

exec telnet 10.68.76.2 8000
Trying 10.68.76.2...
Timeout!
Failed to connect to specified unit.
Console line is in use. Clear it before next try.

 

This is when I telnet on the firewall; this is the result.

Sylvester Okoro
pminarik

No, please do that on the collector server, telnetting to localhost.

If localhost works, try the actual IP, but still doing only local telnet on the server itself.

[ corrections always welcome ]
okorosylvester

This is the result from the telnet: telnet.PNG

Sylvester Okoro
pminarik

This confirms that the Collector is running and listening on that port.

 

So the information we have:

  • Collector works (local telnet confirms this)
  • FortiGate's packets reach it (I assume that's the wireshark screenshot with only SYN)
  • No SYN-ACK back

The conclusion should be obvious: Something is blocking the traffic locally on the server. I hate repeating myself, but it does look like something is firewalling the port.

[ corrections always welcome ]
okorosylvester

Exactly. I have tried opening all the ports, same thing, so I don't know what's blocking it locally. That's what I need assistance for.

Sylvester Okoro
pminarik

I'm afraid that's more of a Windows forum type of question, not a Fortinet-product question, at this point.

 

But just for the challenge of it, let's see if we can figure something out.

Do this:

Edit the Win Firewall properties, and enable logging of dropped packets for all three profiles (domain/private/public). Screenshot:

2024-12-11 11_59_07-Window.png

Remember that you need to do this three times. Once for each of the domain/private/public profiles.

 

Once the change is applied, try connecting from the FortiGate again a couple times (e.g. with exec telnet). Then wait a minute or so, and afterward inspect the log file (note the file path in the screenshot).

See if you can spot any logs for the port 8000 and the action logged for it.

[ corrections always welcome ]
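An added example, not part of the original posts: one way to search the Windows Firewall log for the port 8000 drops described in the reply above. It assumes the log uses the standard pfirewall.log layout (default location `%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log`; the path in the screenshot is not visible here), and the sample lines and IP addresses are constructed.

```python
from collections import Counter

# Constructed sample in the pfirewall.log layout (documentation IP addresses).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-12-11 12:01:05 DROP TCP 192.0.2.10 192.0.2.20 50123 8000 52 S 1111 0 64240 - - - RECEIVE
2024-12-11 12:01:06 DROP UDP 192.0.2.33 192.0.2.255 137 137 78 - - - - - - - RECEIVE
2024-12-11 12:01:08 DROP TCP 192.0.2.10 192.0.2.20 50123 8000 52 S 1111 0 64240 - - - RECEIVE
2024-12-11 12:01:09 ALLOW TCP 192.0.2.20 192.0.2.40 49711 443 0 - 0 0 0 - - - SEND
"""


def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the '#Fields:' header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def drops_for_port(text, port=8000):
    """Return inbound DROP records whose destination port matches."""
    return [r for r in parse_firewall_log(text)
            if r["action"] == "DROP"
            and r["dst-port"] == str(port)
            and r.get("path", "RECEIVE") == "RECEIVE"]


def summarize(records):
    """Count drops per (source IP, protocol) to show who is being blocked."""
    return Counter((r["src-ip"], r["protocol"]) for r in records)


if __name__ == "__main__":
    hits = drops_for_port(SAMPLE_LOG)
    for (src, proto), n in summarize(hits).items():
        print(f"{n} dropped {proto} packet(s) from {src} to port 8000")
    if not hits:
        print("no drops logged for port 8000: look beyond Windows Firewall")
```

To check a real server, pass the contents of its log file to `drops_for_port` instead of `SAMPLE_LOG`; repeated DROP records with TCP flag `S` from the FortiGate's address match the "SYN with no SYN-ACK" symptom.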
okorosylvester

12-09-2024 09:36:11 [00000f08] listdc: DsBind(DC010) failed. (rc=1355)

 

What does this error mean?

Sylvester Okoro
pminarik

Let's stay focused please.

What does the windows firewall log say? (Assuming you are following along and enabled logging of dropped packets as instructed)

[ corrections always welcome ]
okorosylvester

12/11/2024 12:14:20 [ 8104] unknown message received:86 len:268435456
12/11/2024 12:14:30 [ 8104] unknown message received:86 len:268435456

 

Sorry the reply

Sylvester Okoro
okorosylvester

This is from the telnet to the FortiGate: telnet 2.PNG

Sylvester Okoro