Authorize access by other IP ranges on interface 16
Hello everybody. I have a FortiGate 101E.
My interface 16 makes traffic to the VPN. On my 10.68.88.0 network everything works correctly. I have other networks but I can't get port 16 to accept requests. can I not ping. How do I authorize port 16 to authorize requests from other networks?
the routes are working well because I can communicate on the various networks. Port 16 is denying me requests from other networks on fortigate
the ping request comes from IP 10.68.82.67, which is not in the same /24 subnet as 10.68.88.254. Does FortiGate have a route to 10.68.82.0/24 subnet via that port16 interface? If not, the ping would be dropped due to reverse path check failure; the reply path is NOT the same as the original request, and FGT will drop any traffic where the reply does not go the same path as original request if asymmetric routing is disabled (and it is by default).
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Hello! It sounds like you're having some issues with your FortiGate 101E and port 16. It's great that you're looking to authorize port 16 to accept requests from other networks. To do this, you'll need to configure the firewall rules on your FortiGate to allow incoming traffic on port 16 from the other networks.
One way to do this is by creating a new firewall policy that allows incoming traffic on port 16 from the IP addresses of the other networks. You can do this by navigating to the Firewall > Policy section of the FortiOS web interface, clicking on the "Create New Policy" button, selecting "IPv4" as the protocol, setting the source address to the IP addresses of the other networks, setting the destination port to 16, and enabling the policy.
Another option is to create a custom service definition for port 16 that allows incoming traffic from the other networks. You can do this by navigating to the Firewall > Service Definition section of the FortiOS web interface, clicking on the "Create New Service Definition" button, selecting "Custom" as the type, entering a name for the service definition (e.g., "Port 16"), setting the protocol to TCP, setting the source port to 16, setting the destination port to 16, and enabling the service definition.
Once you've created either the firewall policy or custom service definition, you should be able to access port 16 from the other networks. It's important to note that you may also need to configure additional firewall rules or service definitions to ensure that only authorized traffic is allowed through port 16.
I hope this helps! Let me know if you have any questions or need further assistance. And remember, when it comes to networking, it's always a good idea to double-check your configurations and use a rangefinder to ensure that everything is set up properly. Good luck!
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.