Hello everybody. I have a FortiGate 101E.
My interface 16 sends traffic to the VPN. On my 10.68.88.0 network everything works correctly. I have other networks, but I can't get port 16 to accept requests; I can't even ping. How do I authorize port 16 to accept requests from other networks?
The routes are working well because I can communicate on the various networks. Port 16 is denying my requests from other networks on the FortiGate.
Thanks
Hello,
I would recommend collecting a traffic sniffer capture and a debug flow while pinging.
Any ideas?
Hey fearangel,
the ping request comes from IP 10.68.82.67, which is not in the same /24 subnet as 10.68.88.254.
Does FortiGate have a route to 10.68.82.0/24 subnet via that port16 interface? If not, the ping would be dropped due to reverse path check failure; the reply path is NOT the same as the original request, and FGT will drop any traffic where the reply does not go the same path as original request if asymmetric routing is disabled (and it is by default).
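The reverse-path check described in this reply, as an added Python example that is not part of the thread and not FortiOS code. The routing table, the interface names port1 and wan1, and the loose/strict split (modelled on the two RPF modes FortiOS documents, loose being the default) are assumptions; only 10.68.88.0/24, 10.68.82.67 and port16 come from the thread.

```python
import ipaddress

# Constructed routing table for the scenario in the thread (an assumption,
# not the poster's actual configuration): the 10.68.88.0/24 subnet that works
# sits behind port16, and there is no route to the pinging host's subnet
# via port16, so packets from 10.68.82.67 arriving on port16 fail RPF.
ROUTES = [
    ("10.68.88.0/24", "port16"),  # working subnet, directly on port16
    ("0.0.0.0/0", "wan1"),        # placeholder default route
]


def matching_routes(routes, addr):
    """Return (network, interface) pairs whose prefix contains addr,
    most specific first."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), i) for p, i in routes
            if ip in ipaddress.ip_network(p)]
    return sorted(hits, key=lambda r: r[0].prefixlen, reverse=True)


def best_interface(routes, addr):
    """Longest-prefix match: the interface the firewall would use to reach addr."""
    hits = matching_routes(routes, addr)
    return hits[0][1] if hits else None


def rpf_check(routes, src, ingress, strict=False):
    """Reverse-path check for a packet from src that arrived on `ingress`.
    loose (assumed default): any route back to src via ingress is enough.
    strict: the best route back to src must be via ingress."""
    if strict:
        return best_interface(routes, src) == ingress
    return any(i == ingress for _, i in matching_routes(routes, src))


def diagnose(routes, src, ingress):
    """Explain why a packet passes or is dropped (wording is ours, not FortiOS's)."""
    via = best_interface(routes, src)
    if rpf_check(routes, src, ingress):
        return f"accept: route to {src} via {via}, matches ingress {ingress}"
    return f"drop: reverse path check failed, route to {src} is via {via}, not {ingress}"


def with_static_route(routes, prefix, iface):
    """Return a copy of the table with a static route added (the fix the reply points at)."""
    return routes + [(prefix, iface)]


if __name__ == "__main__":
    print(diagnose(ROUTES, "10.68.82.67", "port16"))
    fixed = with_static_route(ROUTES, "10.68.82.0/24", "port16")
    print(diagnose(fixed, "10.68.82.67", "port16"))
```

Run as-is, the first line reports the drop the reply predicts (the only route back to 10.68.82.67 is the default route via wan1), and the second shows that a static route for 10.68.82.0/24 via port16 makes the same packet pass. The strict flag lets you see the one case where the two modes differ: a less specific route via the ingress interface satisfies loose RPF but not strict.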
Hello,
There is one-way communication. I would recommend sniffing traffic and collecting a debug flow on the FortiGate side:
Sniffer:
diagnose sniffer packet any 'host 10.68.88.254' 4 0 a
Debug flow:
and then collect debug flow traces and try to reproduce the issue:
diagnose debug flow filter daddr 10.68.88.254
diagnose debug flow show function-name enable
diagnose debug flow trace start 100
diagnose debug enable
If the other networks are defined on other local ports of the same FortiGate, then routes are in place automatically. If not, you need to set up static routes.
Apart from that, if you want to reach one network from one other, you need a policy to allow this. I guess there are no policies in place between the interfaces you mention.
Hello! It sounds like you're having some issues with your FortiGate 101E and port 16. It's great that you're looking to authorize port 16 to accept requests from other networks. To do this, you'll need to configure the firewall rules on your FortiGate to allow incoming traffic on port 16 from the other networks.
One way to do this is by creating a new firewall policy that allows incoming traffic on port 16 from the IP addresses of the other networks. You can do this by navigating to the Firewall > Policy section of the FortiOS web interface, clicking on the "Create New Policy" button, selecting "IPv4" as the protocol, setting the source address to the IP addresses of the other networks, setting the destination port to 16, and enabling the policy.
Another option is to create a custom service definition for port 16 that allows incoming traffic from the other networks. You can do this by navigating to the Firewall > Service Definition section of the FortiOS web interface, clicking on the "Create New Service Definition" button, selecting "Custom" as the type, entering a name for the service definition (e.g., "Port 16"), setting the protocol to TCP, setting the source port to 16, setting the destination port to 16, and enabling the service definition.
Once you've created either the firewall policy or custom service definition, you should be able to access port 16 from the other networks. It's important to note that you may also need to configure additional firewall rules or service definitions to ensure that only authorized traffic is allowed through port 16.
I hope this helps! Let me know if you have any questions or need further assistance. And remember, when it comes to networking, it's always a good idea to double-check your configurations and use a rangefinder to ensure that everything is set up properly. Good luck!
Hi there,
The source IP of the ping is out of range of the interface IP. Can you please verify the routing by using the command "get router info routing-table details 10.68.82.67". If there is no route to this network via port16, FGT will drop the traffic due to RPF. Please refer to this document for more information: "https://community.fortinet.com/t5/FortiGate/Technical-Note-Details-about-FortiOS-RPF-Reverse-Path-Fo...
Regards,