Hi there,
I'm trying to allow external access to an internal web server controlled by a Fortigate 300D unit.
I have a web server at internal address 10.18.1.22 listening on port 3000. Access ok from the network.
My network only has one external ip address EXT_IP (that i can see when going on whatismyip.com).
I want to open external access to the server so I did the following:
[ul]External IP Address: EXT_IP
Mapped IP Address: 10.18.1.22
External Service Port: 3000-3000
Map to Port: 3000-3000
[ul]
Incoming interface: Port 2 (External)
Source Address: all
Outgoing Interface: Port 1 (Internal)
Destination Address: My Virtual IP
Service: HTTP, HTTPS
Additional information:
Port 2 (External) is an interface with address EXT_IP and PING, HTTPS and HTTP access.
I thought that with this configuration, I could go to:
http://EXT_IP:3000 and access my web server, but it's not the case, nothing happens.
What am I missing ?
Many thanks,
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Make below changes in policy.
Incoming interface: Port 2 (External) Source Address: all Outgoing Interface: Port 1 (Internal) Destination Address: My Virtual IP Service: PORT_3000
Do you mean creating a service with port 3000 redirection ?
Actually I tried Service: all and all_udp and it's still not working.
Should I wait between updating rules and trying to access with my browser ?
Thanks anyway,
Just create a new service Port_3000 service in the firewall, & attached that service in policy.
If you allowed all so it wont work.
Hi,
Please don't define the Source Port in the Service & test.
Regards,
Shridhar
Still no luck ...
The diag debug flow is your friend but you probably don't have the firewall-policy and/or forwarding vip working correctly. If this is a https website ,you might be best to just redirect x.x.x.x:443 to internal:3000 ( just a thought )
Run diag debug flow with a filter of the internal server and validate the policy.
e.g
diag debug reset
diag debug enable
diag debug flow filter port 3000
diag debug flow show console enable
diag debug flow trace start 100
Don't for get to disable after testing;
diag debug dis
Ken
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.