Hi @ all,
I have a FortiGate 7.2.2 in AWS with two VDOMs: one for management (root) and one for traffic.
The traffic VDOM has two interfaces.
Currently I'm trying to reach an internal instance via SSH. For this I want to use port forwarding on port 222 on the Elastic IP interface 1.2.3.4 (VIP 1.2.3.4 -> 10.1.1.100: TCP 222 -> 22).
I also created an appropriate firewall rule (any / VIP / 222 / allow).
If I try to SSH to 1.2.3.4, I get the following error:
id=65308 trace_id=159 func=print_pkt_detail line=5892 msg="vd-aws-fw:0 received a packet(proto=6, x.x.x.x:52547->10.1.1.100:222) tun_id=0.0.0.0 from port2. flag [S], seq 3936964361, ack 0, win 64240"
id=65308 trace_id=159 func=init_ip_session_common line=6073 msg="allocate a new session-000035cb, tun_id=0.0.0.0"
id=65308 trace_id=159 func=vf_ip_route_input_common line=2605 msg="find a route: flag=80000000 gw-10.2.2.2 via aws-fw"
id=65308 trace_id=159 func=fw_local_in_handler line=536 msg="iprope_in_check() check failed on policy 0, drop"
Does anyone have a helpful idea?
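For triaging `diagnose debug flow` traces like the one above, here is an added Python helper (not part of the original post and not FortiOS code) that groups trace lines by trace_id and pulls out the packet tuple, the chosen route and the verdict, so a drop at a local-in or policy stage stands out immediately. The sample lines are copied from the post; the "Allowed by Policy" string is assumed to be the normal accept message and is not on this page.

```python
import re

# Constructed sample: the four debug-flow lines quoted in the post (source IP masked as in the post).
SAMPLE_TRACE = """\
id=65308 trace_id=159 func=print_pkt_detail line=5892 msg="vd-aws-fw:0 received a packet(proto=6, x.x.x.x:52547->10.1.1.100:222) tun_id=0.0.0.0 from port2. flag [S], seq 3936964361, ack 0, win 64240"
id=65308 trace_id=159 func=init_ip_session_common line=6073 msg="allocate a new session-000035cb, tun_id=0.0.0.0"
id=65308 trace_id=159 func=vf_ip_route_input_common line=2605 msg="find a route: flag=80000000 gw-10.2.2.2 via aws-fw"
id=65308 trace_id=159 func=fw_local_in_handler line=536 msg="iprope_in_check() check failed on policy 0, drop"
"""

# key=value pairs; a quoted value (the msg field) is consumed whole so the key=value
# fragments inside it (proto=6, flag=80000000, ...) are not mistaken for top-level fields.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
PKT_RE = re.compile(r'received a packet\(proto=(\d+), (\S+):(\d+)->(\S+):(\d+)\).* from ([^\s.]+)\.')
ROUTE_RE = re.compile(r'find a route: .*gw-(\S+) via (\S+)')
DROP_RE = re.compile(r'check failed on policy (\d+), drop')

def parse_line(line):
    """Split one debug-flow line into a dict of its top-level fields (quotes stripped)."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def summarize(trace_text):
    """Return {trace_id: summary}; each summary holds the 5-tuple, route and verdict found so far."""
    traces = {}
    for raw in trace_text.splitlines():
        f = parse_line(raw)
        if 'trace_id' not in f:
            continue
        t = traces.setdefault(f['trace_id'], {'verdict': 'unknown'})
        msg = f.get('msg', '')
        if m := PKT_RE.search(msg):
            t.update(proto=int(m[1]), src=m[2], sport=int(m[3]),
                     dst=m[4], dport=int(m[5]), ingress=m[6])
        elif m := ROUTE_RE.search(msg):
            t.update(gateway=m[1], egress=m[2])
        elif m := DROP_RE.search(msg):
            # policy 0 is the implicit deny; 'stage' tells you which handler rejected the packet
            t.update(verdict='drop', policy=int(m[1]), stage=f.get('func'))
        elif 'Allowed by Policy' in msg:  # assumed accept message, not shown in the post
            t['verdict'] = 'accept'
    return traces

def explain(trace_id, t):
    """One human-readable line per trace, e.g. for pasting into a ticket."""
    line = (f"trace {trace_id}: proto {t.get('proto')} {t.get('src')}:{t.get('sport')} -> "
            f"{t.get('dst')}:{t.get('dport')} in {t.get('ingress')}, "
            f"route via {t.get('egress')} (gw {t.get('gateway')}), verdict {t['verdict']}")
    if t['verdict'] == 'drop':
        line += f" at {t['stage']} by policy {t['policy']}" + (" (implicit deny)" if t['policy'] == 0 else "")
    return line

if __name__ == '__main__':
    for tid, t in summarize(SAMPLE_TRACE).items():
        print(explain(tid, t))
```

Read the output together with the VIP: the post-translation destination port shown in the first line is the one the policy and the target host must actually accept.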
After doing some testing, I found out that this was caused by a routing misconfiguration on the Forti.
On your firewall policy try setting the service to SSH (TCP 22) instead of 222.
Copyright 2024 Fortinet, Inc. All Rights Reserved.