Assistance to allow external access to your IIS server

ATOON · ‎06-14-2024

Hi,

Assistance with a network configuration. We have an application on a local server (IIS) and need access to it from the external network:

I try the below steps with no luck, can't access it from an external network

* DDNS:

Created account and host on no-ip
Configure no-ip client on the server and connected

* On Firewall:

1- Configure Virtual IPs (External IP address/range: 0.0.0.0, Mapped IP address/range: LAN IP)

Port Forwarding Protocol (TCP), External service port & Map to port (80)

2- Create Policy

Incoming Interface (WAN)
Outgoing Interface (LAN)
Source (all)
Destination (VIP) created earlier
Schedule (Always)
Service (HTTP)
Action (Accepted)
NAT (Disable) and try (Enable)

Additionally, configure Windows firewall inbound and outbound for port 80

Modem: FortiWiFi 30E

Firmware: v6.2.15 build1378 (GA)

hbac · ‎06-14-2024

Hi @ATOON.,

Please run the following debugs and test connection:

di deb disable
di deb res
diagnose debug flow filter clear
di deb flow filter addr <source IP>
di deb flow filter port 80
diagnose debug flow show function-name enable
di deb flow show iprope en
diagnose debug console timestamp enable
diagnose debug flow trace start 9999
diagnose debug enable

Regards,

View solution in original post

fdsantos · ‎06-14-2024

You may try to run a packet capture so that we may determine if the packets are reaching the FortiGate from your WAN interface.

I would recommend to do the packet capture using your client public IP address that is reaching the VIP.

You may follow the command below.

If you are accessing port 80:
diag sniff packet "host <client-public-ip-address> and port 80" 4 0 l

You may also check the documentation below in regards for packet capture.

https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/680228/performing-a-sniffer-...

Assistance to allow external access to your IIS server

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website