Fortigate 60D Port Forwarding Not Working After Subscription Lapsed
Hello,
I have a Fortigate 60D unit that has a lapsed subscription. Since then the configured port forwarding did not work anymore. Based on the information, I've disabled all features that require subscriptions (Application Control, Web Filtering, etc.), but the port forwarding still does not work.
The settings are configured before the unit is registered to Fortinet, so I am assuming that the features should still work. Is there anything else that I may have missed here that will help to re-enable the settings?
In my experience there's no dependency between licence status and VIP. Web filter will block traffic if unlicenced but not firewalling.
Thanks for the clarification.
To further troubleshoot this issue, is there a page that contains the steps to do so? I've attempted to do a packet trace of the server affected from Fortigate, but it does not seem to capture any data.
vlite
'diag debug flow' is your friend!
(sorry Ken, I just had to...)
Ken Felix has posted a tutorial on the debug flow command here
Post the output here and we'll see what to make of it.
Sounds good. Thanks for the steps. I'll try them out when I'm back to the premise in a few days.
See Hua
NP ;)
And yes on web-filter would block traffic if subscription lapses and that's only if categorization is enabled.
IPS AV/MAL would just leave you unprotected. Your port forwarding issue is probably something else but you're doing the right thing with disabling any UTM features to eliminate them.
PCNSE
NSE
StrongSwan
Hello all,
I've managed to pin down the real issue this time. It was due to the DDNS update not working properly.
I noticed earlier that the packet traces failed to record anything when I tried to access the port services within the premise. Thus I decided to check whether the IP pointed by the dyndns address is the same as the public IP address of the premise, and voila! The addresses did not match.
Set the Dyndns in the firewall to use x.float-zone.com and outside access worked again!
Thanks everyone for your advice, they have been really helpful in troubleshooting this issue. I've also learned a lot about the Fortigate Firewall in the process.
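
The check described in the post above (does the DDNS name still point at the firewall's public address?), as an added example that is not part of the original thread. The hostname `office.example.net`, the documentation-range addresses and the function names are assumptions made for illustration; the WAN address would be read from the firewall's external interface.

```python
import ipaddress
import socket

# Ranges that can never receive an inbound port forward from the internet:
# RFC 1918 private space and RFC 6598 carrier-grade NAT space.
NOT_REACHABLE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def resolve(hostname):
    """Return every address the hostname resolves to right now (live DNS)."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def check_ddns(hostname, wan_ip, resolver=resolve):
    """Compare a DDNS record with the firewall's WAN address.

    Returns (status, detail); status is one of
    "ok", "stale", "unresolvable", "wan-not-public".
    """
    wan = ipaddress.ip_address(wan_ip)
    if any(wan in net for net in NOT_REACHABLE):
        return "wan-not-public", f"{wan} is private/CGNAT, so the ISP is NATing upstream"
    try:
        records = {ipaddress.ip_address(a) for a in resolver(hostname)}
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return "unresolvable", f"{hostname}: {exc}"
    if wan in records:
        return "ok", f"{hostname} -> {wan}"
    stale = ", ".join(sorted(str(r) for r in records))
    return "stale", f"{hostname} -> {stale}, but WAN is {wan}"


if __name__ == "__main__":
    # Constructed sample: the record still holds an old lease while the
    # firewall's WAN interface has moved on (hypothetical name and addresses).
    def fake_dns(_hostname):
        return {"198.51.100.7"}

    print(check_ddns("office.example.net", "203.0.113.10", resolver=fake_dns))
```

A "stale" result matches the symptom in this thread: external clients connect to the old address, so the firewall's packet trace never sees the traffic.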
