Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rpall1988
New Contributor

Created on ‎07-11-2022 02:54 AM

Fortigate 40F could not open Port and policys are wrong

hi there, 

 

i want to open some ports on my forti 40f, but i don´t can do this, i read in the internet, put under policy and objects i have no button for ipv4

rpall1988_0-1657533172855.png

any ideas what i do wrong?

 

Labels:
1952
0 Kudos
7 REPLIES 7
Yurisk
SuperUser
SuperUser

Created on ‎07-11-2022 03:00 AM

The 1st screenshot shows how to create a VIP, in the example from external IP of 10.10.10.128 to internal 172.20.20.218, mapping/port-forwarding external port 8080 to internal 80. 

https://yurisk.info/2021/05/24/perform-snat-and-dnat-on-the-same-traffic-in-fortigate/ 

 

Otherwise, bring screenshots of what you are trying to do.

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
1947
0 Kudos
rpall1988
New Contributor
In response to Yurisk

Created on ‎07-13-2022 02:20 AM

Hi Yuri,

 

many thanks, what i want to do, in my network there are 10 clients, ip managed from a server. now i have the callenge our programm for using evva airkey needs the port 50743 to connect the coding-station. i have set a VIP source 213.164.21.5 and tcp port 50743 , also for udp, and my internal adresses to the clinets.... but it could not connect

rpall1988_0-1657703887948.png

rpall1988_1-1657704019655.png

 

this is my first time to use the fortigate... i have no idea

 

 

 

 

1925
0 Kudos
Muhammad_Haiqal
Staff
Staff
In response to rpall1988

Created on ‎07-13-2022 06:56 PM

Hi @rpall1988 ,

Your VIP configuration is correct. However, this VIP is not "Active" yet.

Please create a Firewall policy to use this VIP.

 

Source: Any

Destination : Evva, Evva_UDP (this is your VIP configuration)

Services : Any

NAT: Disabled

Action : Allow
Apply

Test it and let us know if this works.
Then, consider to fine tune the above policy to allow only port 50743.

Hope that helps.

haiqal
1897
0 Kudos
Yurisk
SuperUser
SuperUser

Created on ‎07-13-2022 06:25 AM

Your VIP looks correct, it translates connections incoming to the WAN IP 213.164.21.5 on port 50743 TCP/UDP inbound to the internal IP you set.  So, most probably the destination server in LAN does not listen on this port 50743 for incoming connections. Do you have means of checking this server directly from LAN - trying to connect to it? 

 

BTW, it is probably not a good idea to open incoming port 50743 from any IP on the Internet, consider narrowing the source IP to specific ones.

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
1915
0 Kudos
anikolov
Staff
Staff

Created on ‎07-13-2022 06:25 AM

Hello rpall1988,

 

Please check the KB below, it explains how to implement a VIP. Please don't forget to make a firewall policy to implement the VIP from outside to inside:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-Virtual-IPs-to-configure-port-forwar...

 

Please let me know if this helps.

 

Regards,

Aleksandar Nikolov
1915
0 Kudos
rpall1988
New Contributor

Created on ‎07-15-2022 07:20 AM Edited on ‎07-15-2022 07:22 AM

i try it again, nor i have made some VIP´s include the ports 443 and 50743 that i need for my coding station (include also my public ip)

rpall1988_3-1657894922815.png

 

 

let me explain: airkey needs port 50743 for my coding station that i can made some key´s, als my computer needs the open port 50743, i made a hotspot to look if i have some issues on my setup, but there it works, my station gets connectet, when it´s connectet in my webbrowser (EDGE,Chrome,Firefox) and i go back to my "normal" network (no hotspot) it works.... 

rpall1988_1-1657894709847.png

 

 

i made the policy:

rpall1988_2-1657894751457.png

[cry] but i won´t work... i can ping the webpage, but the port is close... 

 

regards

 

1872
0 Kudos
Muhammad_Haiqal
Staff
Staff
In response to rpall1988

Created on ‎07-17-2022 06:29 PM

Hi @rpall1988 ,

Everything looks good on your configuration. 
This need further checking.  I would suggest to call Fortinet Support here: https://www.fortinet.com/support/contact.html

Support will verify if the issue is on Fortigate level or not.

 

haiqal
1867
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.