Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gutta
New Contributor

Created on ‎04-23-2024 06:10 AM

FortiGate - setup ZKTeco Biometrics to VM server

i have set the ZKTecho Biomertics ip:x.x.x.x to connected to VM server IP :x.x.x.x for montring attendence i have update the police for all ports but still the connection not coming . need to create the VIP for ZKTecho Biomertics ? becaue already i testing by this but not working please assist if you have idea how can we integrated ?

Labels:
1135
0 Kudos
5 REPLIES 5
ozkanaltas
Valued Contributor III

Created on ‎04-23-2024 06:51 AM

Hello @gutta ,

 

If your monitoring person connects from the internet to this server. Yes, you need to create a VIP. You can get more information about VIP in this document. Also if you can share your configuration with us, we can advise to you. 

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configurati...

 

 

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1118
hbac
Staff
Staff

Created on ‎04-23-2024 06:52 AM

Hi @gutta,

 

Yes, you need VIP to allow incoming traffic. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-port-forwarding-using-FortiGate-...

 

Regards, 

1117
Renante_Era
Staff
Staff

Created on ‎04-23-2024 07:01 AM

VIP are needed only if you want to access certain IP address and you want to forward specific or all traffic to a different IP address. For instance, if you want to access the device from outside through your public IP address -- since it's biometrics device then that's unlikely to be the case.
If the endpoints are in the same broadcast domain (Ex. biometrics 192.168.1.200/24, VM server: 192.168.1.201/24) then no need for firewall policy, if not, then create a firewall policy and make sure the IP address, subnet mask, and gateway are set correctly on that biometrics device.

BSCS, BCIS, MIT
1109
0 Kudos
mokles
New Contributor

Created on ‎05-19-2024 07:10 AM

Did you find any solution for this matter ?

911
0 Kudos
syao
Staff
Staff

Created on ‎05-19-2024 08:09 PM

If it still does not work after creating a VIP and firewall policy, I suggest collecting the debug flow from the FortiGate while you reproduce the issue.

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/38044/using-the-debug-flow-t...

888
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.