- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Fortigate 60D Port Forwarding Not Working After Su...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate 60D Port Forwarding Not Working After Subscription Lapsed
Hello,
I have a Fortigate 60D unit that has a lapsed subscription. Since then the configured port forwarding did not work anymore. Based on the information, I've disabled all features that requires subscriptions (Application Control, Web Filtering, etc.), but the port forwarding still does not work.
The settings are configured before the unit is registered to Fortinet, so I am assuming that the features should still work. Is there anything else that I may have missed here that will help to re-enable the settings?
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In my experience there's no dependency between licence status and VIP. Web filter will block traffic if unlicenced but not firewalling.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the clarification.
To further troubleshoot this issue, is there a page that contains the steps to do so? I've attempted to do a packet trace of the server affected from Fortigate, but it does not seem to capture any data.
vlite
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
'diag debug flow' is your friend!
(sorry Ken, I just had to...)
Ken Felix has posted a tutorial on the debug flow command here
Post the output here and we'll see what to make of it.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sounds good. Thanks for the steps. I'll try them out when I'm back to the premise on a few days.
See Hua
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NP ;)
And yes on web-filter would block traffic if subscription laspes and that's only if categorization is enabled.
IPS AV/MAL would just leave you un-protected. Your port forwarding issues is probably something else but your doing the right thing with disabling any UTM features to eliminate them.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all,
I've managed to pin down the real issue this time. It was due to the DDNS update not working properly.
I noticed earlier that the packet traces failed to record anything when I tried to access the the port services within the premise. Thus I decided to check whether the IP pointed by the dyndns address is the same as the public IP address of the premise, and voila! The addresses did not match.
Set the Dyndns in the firewall to use x.float-zone.com and outside access worked again!
Thanks everyone for your advice, they have been really helpful in troubleshooting this issue. I've also learned a lot about the Fortigate Firewall in the process.
Related Posts
- Issue with FORTINET Webfilter 177 Views
- Switch forwards packets to Fortigates as... 247 Views
- Port forward fail 326 Views
- Webfilter license won't work despite having... 283 Views
- Fortigate initiating local traffic for blocked... 427 Views
Labels
-
FortiGate
6,854 -
FortiClient
1,358 -
5.2
801 -
5.4
639 -
FortiManager
587 -
FortiAnalyzer
432 -
6.0
416 -
5.6
362 -
FortiAP
357 -
FortiSwitch
353 -
FortiClient EMS
277 -
FortiMail
267 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
165 -
6.4
128 -
FortiNAC
115 -
FortiGuard
109 -
IPsec
94 -
FortiSIEM
91 -
FortiGateCloud
90 -
FortiCloud Products
85 -
SSL-VPN
75 -
FortiToken
74 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
62 -
FortiProxy
47 -
FortiADC
45 -
FortiEDR
42 -
Fortivoice
41 -
SD-WAN
36 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiDNS
35 -
FortiSandbox
33 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
High Availability
27 -
VLAN
26 -
FortiAuthenticator
25 -
FortiConnect
24 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiGate v5.2
17 -
FortiSwitch v6.2
16 -
DNS
16 -
Certificate
16 -
SAML
15 -
BGP
15 -
LDAP
15 -
VDOM
15 -
FortiMonitor
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
FortiDDoS
13 -
Authentication
12 -
fortilink
12 -
Routing
12 -
FortiCASB
12 -
RADIUS
10 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSID
8 -
Fortigate Cloud
8 -
Application control
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Traffic shaping policy
6 -
FortiBridge
6 -
SNMP
6 -
Web application firewall profile
6 -
Web profile
6 -
Proxy policy
5 -
FortiAP profile
5 -
WAN optimization
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.