Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hamlin11
New Contributor

Basic Fortigate Router Setup - HTTP, HTTPS working, but FTP, RDP, SQL not.

[ul]
  • I have a Fortigate 70D Router.
  • I have performed a very basic setup, with Wan1 connected to a cable internet connection (with DHCP assigned address from ISP), based upon the 5.0 and 5.2 basic setup cookbook guides.
  • The machines on the LAN are connected to the Fortigate Router using static IP's on the same subnet 192.168.1.x (with the router at default IP 192.168.1.99 as gateway).
  • As recommended by Fortigate tutorials, I have setup a default route of 0.0.0.0/0.0.0.0 with gateway of WAN1's DHCP-assigned-by-ISP gateway. I have also tried gateway of 0.0.0.0 and the behavior described below is identical. Without the default route, no traffic gets through.[/ul]

    The good

    [ul]
  • A variety of traffic over a variety of ports works quite fine. Standard web browser traffic over port 80 and 443 works great. Based upon some of the views within the fortigate web interface, some other ports are working too, such as google chat and some others, and a variety of UDP ports.[/ul]

    The bad

    [ul]
  • However, when I try to initiate a RDP connection from within the LAN to a machine on the Internet, no traffic comes back over 3389.
  • There is similar (bad) behavior for FTP (21) and SQL (1433).[/ul]

     

    I would understand this if all traffic failed or if all traffic succeeded.

     

    However, this problem where some traffic succeeds and some fails is rather confusing.

     

    I feel that I am failing to grasp a basic concept of routing, perhaps.

     

    What can be causing this behavior of some traffic succeeding but some failing?

     

    In Summary:

    [ul]
  • I have the most basic setup, based upon 5.0 an 5.2 cookbook guides for fortigate
  • The default firewall policy allow all traffic, all services, etc.
  • A single default route (I have tried a variety of gateway IPs yielding either the behavior described above or NO traffic)
  • LAN to LAN traffic works fine
  • Port 80, 443 (initiated from web browsers) works fine
  • Ports 3389 (RDP), 21 (FTP), and 1433 (SQL) initiated from their respective clients from within the LAN to Internet destinations all fail.[/ul]

    Thanks in advance for your time.

  • 1 REPLY 1
    hamlin11
    New Contributor

    This has been solved. Despite not changing cable modems, the ISP switches IP's on us every time a router is swapped out. As a result, some stray IP restrictions (to external SQL, RDP, and FTP sources) were preventing access.

     

    So, somebody would have eventually asked the question, "Just how sure are you that outbound access to FTP, RDP, and FTP is not working. I am almost certain that it should be working. Please triple check". 

     

    My answer would have been, "Oops, Now I feel quite stupid to not realize this as a possibility, I failed to check for changing ISP-provided IP address". 

     

    So, the morale of the story is, if most of your ports (outbound) are working under a default setup, then ALL ports are probably working, even if a few don't seem to be working due to external reasons (such as IP-restrictions on external servers that need updated). Double and triple check that the access to the external resources is indeed broken. 

     

     

    Labels
    Top Kudoed Authors