
BACnet over site-to-site Fortigate VPN



First off, I don't have much experience with Fortigate products and that's why we have IT support that deals with this.

However, they don't have much experience with BACnet.


This is the case:

- Closed "technical LAN" at remote site. No DHCP. IP range

- BACnet devices in this LAN connect to local BAS server in same IP range

- Site-to-site VPN tunnel established between a Fortigate firewall on remote site and a Fortigate 40E in our office

- Want to deploy BACnet hardware in our office for testing to BAS server on remote site.

- Tested with adding a BACnet device in our office. IP in range

- Can reach device from remote site. Ping is OK

- Try to scan for BACnet devices from remote BAS server. Can't find it.


Any info missing or ideas on how we can make this work?

Thank you for any help.


Hi @Skagerak,


Which port number does the BAS server use to scan? We need to understand how it scans; if it is broadcast, it will not reach the other side of the tunnel. You can run debug flow to see the traffic:



Hi @hbac.


The BAS server uses default UDP port 47808 (BAC0 in hex).

I have also tried with YABE (Yet Another Bacnet Explorer) using the "BACnet/IP V4 &V6 over UDP" option with port:BAC0 and local endpoint:ip in local range.

I have tried this from both ends of the tunnel and searched for devices on the other end.

No device is found.

I am not very well versed in the underlying workings of BACnet so I don't really know how to answer your question correctly.

According to IT support, the tunnel should allow everything through.


I will forward your link to them.


Thank you for the quick answer.
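
To help answer the question raised in the reply above (is the scan a broadcast?), the sketch below decodes the UDP payload of a captured port-47808 packet and checks whether its destination is a broadcast address that stays on the sender's segment. It is an added example, not part of any post in the thread; the subnet, addresses and sample frames are constructed placeholders because the thread does not give the real ranges.

```python
import ipaddress
import struct

BVLC_FUNCS = {0x0A: "Original-Unicast-NPDU", 0x0B: "Original-Broadcast-NPDU"}
SERVICES = {0x00: "I-Am", 0x08: "Who-Is"}  # unconfirmed service choices

def is_ip_broadcast(dst: str, local_net: str) -> bool:
    """True if dst is the limited broadcast or local_net's directed broadcast."""
    addr = ipaddress.ip_address(dst)
    net = ipaddress.ip_network(local_net)
    return str(addr) == "255.255.255.255" or addr == net.broadcast_address

def parse_bacnet_ip(payload: bytes) -> dict:
    """Decode the payload of a UDP 47808 (0xBAC0) packet."""
    if len(payload) < 8:
        raise ValueError("too short for BVLC + NPDU + APDU")
    bvlc_type, func, length = struct.unpack("!BBH", payload[:4])
    if bvlc_type != 0x81 or length != len(payload) or payload[4] != 1:
        raise ValueError("not a well-formed BACnet/IP frame")
    control, pos, service = payload[5], 6, None
    try:
        if control & 0x20:              # DNET(2) DLEN(1) DADR(DLEN)
            pos += 3 + payload[pos + 2]
        if control & 0x08:              # SNET(2) SLEN(1) SADR(SLEN)
            pos += 3 + payload[pos + 2]
        if control & 0x20:              # hop count closes the address fields
            pos += 1
        if not control & 0x80 and payload[pos] >> 4 == 1:  # unconfirmed request
            service = SERVICES.get(payload[pos + 1], hex(payload[pos + 1]))
    except IndexError:
        raise ValueError("truncated NPDU/APDU") from None
    return {"bvlc": BVLC_FUNCS.get(func, hex(func)), "service": service}

def classify(dst: str, local_net: str, payload: bytes) -> dict:
    """Combine the IP-level and BACnet-level view of one captured packet."""
    info = parse_bacnet_ip(payload)
    info["stays_on_local_segment"] = is_ip_broadcast(dst, local_net)
    return info

# Constructed samples (not captured from the poster's network).
LOCAL_NET = "192.0.2.0/24"
WHO_IS_BROADCAST = bytes.fromhex("810b000c0120ffff00ff1008")
WHO_IS_UNICAST = bytes.fromhex("810a000801001008")

if __name__ == "__main__":
    print(classify("192.0.2.255", LOCAL_NET, WHO_IS_BROADCAST))
    print(classify("198.51.100.20", LOCAL_NET, WHO_IS_UNICAST))
```

Feed it the destination address and UDP payload from a packet capture taken on the scanning host's interface, with `local_net` set to that host's own subnet.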
