Hi all,
I have a FortiGate 7.2.2 in AWS with two VDOMs: one for management (root) and one for traffic.
The traffic VDOM has two interfaces.
I'm currently trying to reach an internal instance via SSH. For this I want to use port forwarding on port 222 on the Elastic IP interface 22.214.171.124 (VIP 126.96.36.199 -> 10.1.1.100 : TCP 222 -> 22).
I also created an appropriate firewall rule (any / VIP / 222 / allow).
When I try to SSH to 188.8.131.52, I get the following error:
id=65308 trace_id=159 func=print_pkt_detail line=5892 msg="vd-aws-fw:0 received a packet(proto=6, x.x.x.x:52547->10.1.1.100:222) tun_id=0.0.0.0 from port2. flag [S], seq 3936964361, ack 0, win 64240"
id=65308 trace_id=159 func=init_ip_session_common line=6073 msg="allocate a new session-000035cb, tun_id=0.0.0.0"
id=65308 trace_id=159 func=vf_ip_route_input_common line=2605 msg="find a route: flag=80000000 gw-10.2.2.2 via aws-fw"
id=65308 trace_id=159 func=fw_local_in_handler line=536 msg="iprope_in_check() check failed on policy 0, drop"
Does anyone have a helpful idea?
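The trace in the post above can be checked mechanically rather than by eye. The following Python is an added example, not code from the original post or from Fortinet: it splits raw `diagnose debug flow` output into records (it also copes with the records being fused onto one line, as they are on this page), pulls out the packet tuple from the `received a packet` record, and reports whether the flow reached the forwarding path through the VIP or ended in `fw_local_in_handler` with no DNAT record at all. The second sample, `FORWARDED_TRACE`, is constructed to show the shape of a successful VIP flow; its addresses, `line=` numbers and exact message wording are assumptions, as are the verdict names.

```python
import re
from typing import Dict, List, Optional

# The trace from the post above, kept fused on one line exactly as the page shows it.
SAMPLE_TRACE = (
    'id=65308 trace_id=159 func=print_pkt_detail line=5892 msg="vd-aws-fw:0 received a packet(proto=6, '
    'x.x.x.x:52547->10.1.1.100:222) tun_id=0.0.0.0 from port2. flag [S], seq 3936964361, ack 0, win 64240"'
    'id=65308 trace_id=159 func=init_ip_session_common line=6073 msg="allocate a new session-000035cb, tun_id=0.0.0.0"'
    'id=65308 trace_id=159 func=vf_ip_route_input_common line=2605 msg="find a route: flag=80000000 gw-10.2.2.2 via aws-fw"'
    'id=65308 trace_id=159 func=fw_local_in_handler line=536 msg="iprope_in_check() check failed on policy 0, drop"'
)

# Constructed sample (assumption): what a flow that is DNATed by a VIP and then
# forwarded typically looks like. Addresses, line numbers and wording are illustrative.
FORWARDED_TRACE = """\
id=20085 trace_id=7 func=print_pkt_detail line=5892 msg="vd-aws-fw:0 received a packet(proto=6, 203.0.113.5:40000->10.0.0.10:222) from port1. flag [S], seq 1, ack 0, win 64240"
id=20085 trace_id=7 func=init_ip_session_common line=6073 msg="allocate a new session-00000123"
id=20085 trace_id=7 func=fw_pre_route_handler line=182 msg="VIP-10.1.1.100:22, outdev-port2"
id=20085 trace_id=7 func=__ip_session_run_tuple line=3416 msg="DNAT 10.0.0.10:222->10.1.1.100:22"
id=20085 trace_id=7 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-10.1.1.100 via port2"
id=20085 trace_id=7 func=fw_forward_handler line=793 msg="Allowed by Policy-1:"
"""

RECORD_RE = re.compile(r'func=(?P<func>\S+)\s+line=(?P<line>\d+)\s+msg="(?P<msg>[^"]*)"')
PKT_RE = re.compile(
    r'received a packet\(proto=(?P<proto>\d+), (?P<src>\S+)->(?P<dst>[\d.]+):(?P<dport>\d+)\)'
)


def parse_debug_flow(text: str) -> List[Dict[str, str]]:
    """Return one dict (func, line, msg) per debug-flow record.

    Records are split on the `id=... trace_id=` prefix, so newline-separated
    output and output fused onto a single line parse identically.
    """
    records: List[Dict[str, str]] = []
    for chunk in re.split(r"(?=id=\d+ trace_id=)", text):
        m = RECORD_RE.search(chunk)
        if m:
            records.append(m.groupdict())
    return records


def diagnose_vip(records: List[Dict[str, str]]) -> Dict[str, Optional[str]]:
    """Classify a single trace by which handler decided its fate."""
    pkt: Optional[Dict[str, str]] = None
    for r in records:
        m = PKT_RE.search(r["msg"])
        if m:
            pkt = m.groupdict()
            break

    # A VIP that actually matched leaves a VIP-/DNAT record before the route lookup.
    dnat_seen = any(r["msg"].startswith("VIP-") or "DNAT" in r["msg"] for r in records)
    forwarded = any(r["func"] == "fw_forward_handler" and "Allowed by Policy" in r["msg"] for r in records)
    local_in_drop = any(r["func"] == "fw_local_in_handler" and "drop" in r["msg"] for r in records)

    if forwarded and dnat_seen:
        verdict = "forwarded-via-vip"
    elif local_in_drop and not dnat_seen:
        # The packet was handed to the local-in path (traffic for the FortiGate itself)
        # and denied by the implicit local-in policy 0; the VIP never translated it.
        # Check the VIP's external address/interface and the route for the destination.
        verdict = "local-in-drop-no-dnat"
    else:
        verdict = "inconclusive"

    return {
        "dst": pkt["dst"] if pkt else None,
        "dport": pkt["dport"] if pkt else None,
        "dnat_seen": str(dnat_seen),
        "local_in_drop": str(local_in_drop),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, trace in (("posted", SAMPLE_TRACE), ("constructed", FORWARDED_TRACE)):
        print(name, diagnose_vip(parse_debug_flow(trace)))
```

The point of the check is the absence of evidence: in the posted trace there is no `VIP-` or `DNAT` record between session allocation and the route lookup, and the packet then lands in `fw_local_in_handler`, so the FortiGate is treating the destination as its own address rather than forwarding it. That narrows the search to the VIP definition and the routing for the mapped host, which is where the original poster found the misconfiguration.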
After doing some testing, I found out that this was caused by a routing misconfiguration on the Forti.
On your firewall policy, try setting the service to SSH (TCP 22) instead of 222.
Copyright 2023 Fortinet, Inc. All Rights Reserved.