Hello,
I'm unsure how to properly word my question, so bear with me.
We're currently running FortiGate as our firewall and VPN, to which we connect from outside of our network to work remotely when needed. We're also in the process of implementing an employee web panel, which needs to be accessible from outside of our network.
I'm new to Fortinet and unsure how to properly set it up. We have a public IP that we use for VPN connections, and I'd like to use that IP address to redirect web traffic from a specific port to a local IP.
Example:
local web panel address: 10.1.2.63 (running by default on port 8080; this will be changed at a later date, but let's use this as an example)
public VPN IP address (not actual, just random for example purposes): 83.0.109.50.
Now, what do I need to do to be able to use 83.0.109.50:8080 outside of my network to access that web panel? (83.0.109.50:8080 will point to 10.1.2.63 locally.)
Please feel free to ask any questions for information I might've missed.
Many thanks for your assistance!
Everything seems to be okay. I've changed the web server's port to 80 just to be sure and it worked; maybe there was something going on with port 8080. I've applied the same rules for the VIP but with port 443 for SSL. Is this enough to provide users with the panel that has SSL?
Created on 03-12-2024 03:58 AM Edited on 03-12-2024 03:58 AM
If your FortiGate management interface or SSL-VPN does not use port 443, you can use this port.
If port 443 is used for any services on your FortiGate, you can't use port 443.
Also, you can use port translation in the VIP configuration. For example, your service is still running on port 443, but your clients can access the service on port 8443 from outside.
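The port forwarding and port translation discussed above, written out as FortiOS CLI. This is an added example and not part of any poster's reply; the interface names `wan1` and `internal` and all object names are assumptions, and the addresses are the sample values from the question.

```fortios
# Added example. Assumed names: wan1 (outside), internal (LAN), vip-webpanel-*,
# svc-tcp-8080, wan-to-webpanel. IPs are the thread's sample values.

config firewall vip
    # 83.0.109.50:8080 -> 10.1.2.63:8080 (same port on both sides)
    edit "vip-webpanel-http"
        set extip 83.0.109.50
        set extintf "wan1"
        set portforward enable
        set protocol tcp
        set extport 8080
        set mappedip "10.1.2.63"
        set mappedport 8080
    next
    # Port translation: clients connect to 8443 outside,
    # the web server keeps listening on 443 inside.
    edit "vip-webpanel-https"
        set extip 83.0.109.50
        set extintf "wan1"
        set portforward enable
        set protocol tcp
        set extport 8443
        set mappedip "10.1.2.63"
        set mappedport 443
    next
end

config firewall service custom
    edit "svc-tcp-8080"
        set tcp-portrange 8080
    next
end

config firewall policy
    edit 0
        set name "wan-to-webpanel"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        # The VIP objects are the destination; services match the mapped ports.
        set dstaddr "vip-webpanel-http" "vip-webpanel-https"
        set service "svc-tcp-8080" "HTTPS"
        set action accept
        set schedule "always"
        set logtraffic all
    next
end
```

The external port of each VIP must not be one the FortiGate itself already listens on for the admin GUI or SSL-VPN, which is why 8443 is used outside instead of 443.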
Created on 03-12-2024 06:03 AM Edited on 03-12-2024 06:03 AM
I have it set up like this right now. Is this correct? My SSL-VPN is running on port 11443, so I used 443 for www. Of course, I also added the clone of www to the firewall destination too.
If your FortiGate web UI does not use port 443, this configuration is also OK.
It should be working.
Created on 03-12-2024 06:27 AM Edited on 03-12-2024 06:29 AM
Okay, in that case when I go through http:// the website loads; with https:// I get "domain.com refused to connect" :( I'm unsure where to look. Can this be caused by the web server too, or is it strictly the Forti config I need to focus on?
Below is the ssl-settings tab.
I think you should review the web server configuration.
Does it work properly in the local network?
So this doesn't really matter in my scenario?
No, because SSL-VPN works on different ports.
You also need to check the FortiGate web GUI port settings. This configuration is under the System -> Settings menu. If you see anything about 443, you need to change this setting, or your web server VIP port configuration should be different from port 443.
Okay, yes, there was an HTTPS port of 443. I changed my VIP port to 12443. Now I get "domain.com took too long to respond" when trying to connect through https.
I'm glad it worked. :)