Configuring port forwarding for Tablo device?
Just acquired a Fortigate 70D and setting it up for the first time. Have not configured anything as complicated or powerful as this firewall before.
Tablo is a device for capturing over-the-air TV broadcasts and streaming them to your viewing devices. It requires some port forwarding when you want to reach the device from outside. Specifically, it requires port 21101->8887 and 21100->80.
I have tried to configure this on our Fortigate 70D but the device still says it is not properly configured.
Here are all the sections of the config that pertain to the Tablo device. Please help me find where I have done something incorrect (or made it more complicated than it needs to be)!
config system dhcp server
    edit 1
        config reserved-address
            edit 1
                set ip 192.168.11.103
                set mac 50:87:b8:00:37:6a
                set description "Dougs Tablo"
            next
        end
    next
end
config firewall address
    edit "Tablo"
        set uuid b9fddbc0-f600-51e5-0ff2-7847ec29b744
        set comment "Doug\'s Tablo"
        set associated-interface "internal1"
        set subnet 192.168.11.103 255.255.255.255
    next
end
config firewall service custom
    edit "Tablo1"
        set category "Remote Access"
        set iprange 192.168.11.103
        set tcp-portrange 8887:21101
    next
    edit "Tablo2"
        set category "Remote Access"
        set iprange 192.168.11.103
        set tcp-portrange 21100:80
    next
end
config user device
    edit "Tablo"
        set mac 50:87:b8:00:37:6a
        set comment "Doug\'s Tablo device"
        set type media-streaming
    next
end
config firewall vip
    edit "Tablo Port Forwarding 1"
        set uuid 4daca788-f607-51e5-c42b-fe2a69feddee
        set comment "Control port for Tablo"
        set extintf "wan1"
        set portforward enable
        set mappedip "192.168.11.103"
        set extport 21101
        set mappedport 8887
    next
    edit "Tablo port forwarding 2"
        set uuid 74f87f6a-f607-51e5-1ef0-3e6ff599442f
        set comment "Data port for Tablo"
        set extintf "wan1"
        set portforward enable
        set mappedip "192.168.11.103"
        set extport 21100
        set mappedport 80
    next
end
config firewall vipgrp
    edit "All Tablo rules"
        set uuid d56205ba-f607-51e5-48d8-37aee6da64ef
        set interface "wan1"
        set member "Tablo Port Forwarding 1" "Tablo port forwarding 2"
    next
end
config firewall policy
    edit 1
        set uuid c3f4ddec-f5f4-51e5-0480-dd1ecf996d9a
        set srcintf "internal1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set application-list "default"
        set profile-protocol-options "default"
        set ssl-ssh-profile "certificate-inspection"
        set nat enable
    next
    edit 2
        set name "All Tablo forwarding"
        set uuid e0dde57a-f608-51e5-ef5d-2c62943342d5
        set srcintf "wan1"
        set dstintf "internal1"
        set srcaddr "all"
        set dstaddr "All Tablo rules"
        set action accept
        set schedule "always"
        set service "Tablo1" "Tablo2"
        set nat enable
    next
end
In policy 2, you may try to replace 'set service "Tablo1" "Tablo2"' with 'set service ALL'. The "firewall service custom" setting is wrong.
Well that change certainly fixed something since the device now reports all is well.
I'm still not sure why my original config was wrong, however.
Thanks for the help!
Well I'm back again after we had to re-install this Fortigate 70D. Same problem as before: Tablo device on LAN says NAT is not working properly. It requires WAN TCP port 21101->8887 and TCP port 21100->80.
Any help would be greatly appreciated!
Here are all conf entries mentioning Tablo:
config firewall address
    edit "Tablo"
        set uuid b9fddbc0-f600-51e5-0ff2-7847ec29b744
        set comment "Doug\'s Tablo"
        set associated-interface "internal1"
        set subnet 192.168.11.183 255.255.255.255
    next
end
config user device
    edit "Tablo"
        set mac 50:87:b8:00:37:6a
        set comment "Doug\'s Tablo device"
        set type media-streaming
    next
end
config firewall service custom
    edit "Tablo1"
        set category "Remote Access"
        set iprange 192.168.11.183
        set tcp-portrange 21101:8887
    next
    edit "Tablo2"
        set category "Remote Access"
        set iprange 192.168.11.183
        set tcp-portrange 21100:80
    next
end
config firewall vip
    edit "Tablo Port Forwarding 1"
        set uuid 4daca788-f607-51e5-c42b-fe2a69feddee
        set comment "Control port for Tablo"
        set extintf "wan1"
        set portforward enable
        set mappedip "192.168.11.183"
        set extport 21101
        set mappedport 8887
    next
    edit "Tablo Port Forwarding 2"
        set uuid 74f87f6a-f607-51e5-1ef0-3e6ff599442f
        set comment "Data port for Tablo"
        set extintf "wan1"
        set portforward enable
        set mappedip "192.168.11.183"
        set extport 21100
        set mappedport 80
    next
end
config firewall vipgrp
    edit "All Tablo rules"
        set uuid d56205ba-f607-51e5-48d8-37aee6da64ef
        set interface "wan1"
        set member "Tablo Port Forwarding 1" "Tablo Port Forwarding 2"
    next
end
config firewall policy
    edit 2
        set name "All Tablo forwarding"
        set uuid a425829e-956a-51e6-5043-d17a780c8506
        set srcintf "wan1"
        set dstintf "internal1"
        set srcaddr "all"
        set dstaddr "All Tablo rules"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
config system dhcp server
    config reserved-address
        edit 1
            set ip 192.168.1.183
            set mac 50:87:b8:00:37:6a
            set description "Doug\'s Tablo"
        next
    end
next
end
Here's another detail that is puzzling. The first port forwarding rule seems to be working but the second is not. They both look like they are configured exactly the same way so I'm wondering why one works but the other does not!
See attached screen shot of what the Tablo device reports.
Any ideas??
Turns out the second forwarding rule had a typo in the IP address. Looks like everything was done correctly except for that.
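A consistency check for the kind of per-device config extract posted in this thread, as an added example that is not part of the original posts and not a Fortinet tool. It flags a custom service whose tcp-portrange carries a source-port part (FortiOS reads the value as destination[:source]) and any address that disagrees with the rest; the function names, the constructed sample and the premise that every entry describes one host are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample, condensed from the second config posted in this thread.
SAMPLE = """
config firewall service custom
    edit "Tablo1"
        set iprange 192.168.11.183
        set tcp-portrange 21101:8887
    next
end
config firewall vip
    edit "Tablo Port Forwarding 1"
        set mappedip "192.168.11.183"
    next
end
config system dhcp server
    config reserved-address
        edit 1
            set ip 192.168.1.183
        next
    end
end
"""

def parse(text):
    """Return (location, key, values) for each 'set' line, tracking config/edit nesting."""
    path, rows = [], []
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tok and tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]))
        elif tok and tok[0] in ("next", "end") and path:
            path.pop()
        elif tok and tok[0] == "set":
            rows.append((" / ".join(path), tok[1], tok[2:]))
    return rows

def audit(text):
    """Hypothetical helper; assumes every entry in the extract describes the same host."""
    findings, ips = [], {}
    for where, key, val in parse(text):
        if key in ("ip", "mappedip", "subnet", "iprange"):
            ips[f"{where} {key}"] = val[0]
        if key == "tcp-portrange" and ":" in val[0]:
            dst, src = val[0].split(":", 1)  # FortiOS syntax: <dst ports>[:<src ports>]
            findings.append(f"{where}: dst port {dst} only from src port {src}")
    expected = Counter(ips.values()).most_common(1)  # majority address wins
    findings += [f"{k} = {v}, others use {expected[0][0]}" for k, v in ips.items() if v != expected[0][0]]
    return findings
```

Calling `audit(SAMPLE)` returns two findings: the Tablo1 service restricted to source port 8887, and the DHCP reservation that points at 192.168.1.183 while the other entries use 192.168.11.183.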
