Hi there,
I'm trying to allow external access to an internal web server controlled by a Fortigate 300D unit.
I have a web server at internal address 10.18.1.22 listening on port 3000. Access ok from the network.
My network only has one external ip address EXT_IP (that i can see when going on whatismyip.com).
I want to open external access to the server so I did the following:
[ul]External IP Address: EXT_IP
Mapped IP Address: 10.18.1.22
External Service Port: 3000-3000
Map to Port: 3000-3000
[ul]
Incoming interface: Port 2 (External)
Source Address: all
Outgoing Interface: Port 1 (Internal)
Destination Address: My Virtual IP
Service: HTTP, HTTPS
Additional information:
Port 2 (External) is an interface with address EXT_IP and PING, HTTPS and HTTP access.
I thought that with this configuration, I could go to:
http://EXT_IP:3000 and access my web server, but it's not the case, nothing happens.
What am I missing ?
Many thanks,
It seems that I couldn't access the server from my network because I had to do two policies, one for internal and one for external. Anyway I has also to setup an http_3000 service.
Thanks
You are right, I just meant that I entered the IP address that I found in whatsmyip.com. It turns out that the mask is 255.255.255.248 and "whois info" on my IP gives me a range of IP so I may not have only one.
The access is now possible from the outside using my internal interface, I now would like to change that to do it through a DMZ interface, i'll open a new thread for that cuz it's not working, maybe a hardware (connection) issue.
Thanks everyone,
syldor wrote:This does by no means mean that you only have one public IP address.My network only has one external ip address EXT_IP (that i can see when going on whatismyip.com).
Check your interface settings and kindly let us know the last octet (digets behind the last dot) and the subnet mask.
You are right, I just meant that I entered the IP address that I found in whatsmyip.com. It turns out that the mask is 255.255.255.248 and "whois info" on my IP gives me a range of IP so I may not have only one. The access is now possible from the outside using my internal interface, I now would like to change that to do it through a DMZ interface, i'll open a new thread for that cuz it's not working, maybe a hardware (connection) issue. Thanks everyone,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.