Hi,
I need assistance with a network configuration. We have an application on a local server (IIS) and need access to it from the external network.
I tried the steps below with no luck; I can't access it from an external network:
* DDNS:
* On Firewall:
1- Configure Virtual IPs (External IP address/range: 0.0.0.0, Mapped IP address/range: LAN IP)
Port Forwarding Protocol (TCP), External service port & Map to port (80)
2- Create Policy
Additionally, configure Windows firewall inbound and outbound for port 80
Modem: FortiWiFi 30E
Firmware: v6.2.15 build1378 (GA)
Hi @ATOON.,
Please run the following debugs and test connection:
di deb disable
di deb res
diagnose debug flow filter clear
di deb flow filter addr <source IP>
di deb flow filter port 80
diagnose debug flow show function-name enable
di deb flow show iprope en
diagnose debug console timestamp enable
diagnose debug flow trace start 9999
diagnose debug enable
Regards,
Please check the debug attached. Di debug
From the debug output, the source IP 10.10.210.250 is not a public IP. Are you making an outbound connection from behind the FortiGate to the public IP of the Huawei router? Do you have port forwarding configured on the router to forward port 80 traffic to 192.168.8.2?
Regards,
Thanks for your message
10.10.210.250 is internal for the local server, and my network is VLANs 10.10.xx.xx.
Created on 06-17-2024 02:32 AM Edited on 06-17-2024 05:09 AM
I resolved the issue by changing LAN 1 to LAN 2 in the out-interface policy rule. I now see that I had initially chosen LAN 1.
What WAN connection do you have on the FGT? If there is a router in front of the FGT this router also has to forward the traffic!
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
I have a Huawei router HG8245W5 in front of the FGT, internal IP 192.168.8.1.
Make an interface in FGT for wan 192.168.8.2, and make the LAN interface as VLANs 10.10.xx.xx.
So, in the Huawei router, if I try to add the internal host, the LAN IP of the local server 10.10.xx.xx is not accepted.
How did you test? Using HTTP or by pinging? Ping won't work here.
Tested by HTTP browsing, and ping is working fine.
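
The VIP and policy discussed in this thread, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. The object name "vip-iis-http", the interface names "wan" and "lan2" (standing in for the thread's "LAN 2"), and the `<server LAN IP>` placeholder are assumptions.

```fortios
# Virtual IP: port 80 arriving on the WAN address is mapped to the IIS server.
# 192.168.8.2 is the FortiGate WAN address given in the thread; the Huawei
# router in front of it must itself forward TCP/80 to 192.168.8.2.
config firewall vip
    edit "vip-iis-http"
        set extintf "wan"
        set extip 192.168.8.2
        set portforward enable
        set protocol tcp
        set extport 80
        set mappedip "<server LAN IP>"
        set mappedport 80
    next
end

# Policy: dstaddr is the VIP object, and dstintf must be the interface that
# actually leads to the mapped IP. The thread's fix was exactly this field:
# the out-interface had been set to LAN 1 while the server sits behind LAN 2.
config firewall policy
    edit 0
        set name "wan-to-iis-http"
        set srcintf "wan"
        set dstintf "lan2"
        set srcaddr "all"
        set dstaddr "vip-iis-http"
        set action accept
        set schedule "always"
        set service "HTTP"
    next
end
```

With the flow trace from the earlier reply running, a request that matches the VIP but no policy shows up as a policy denial, which is the cue to compare the policy's interfaces with the route to the mapped IP.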