Support Forum
myrdin
New Contributor

Forwarding some ports results in FortiGate classifying the source as a threat

Hi,

 

first post here, hi all! This is the situation:

- simple port forward from 8022 (Wan) to host in lan (port 22).

- it does not work: whatever source IP tries to open a connection on port 8022 (yes, I added both the VIP and the firewall rule; I have many rules that work fine), it gets denied by the default deny rule, classified as a HIGH threat.

- if I do 22 to 22, same public IP, same host, it works.

- does FortiGate classify ports 80xx as a threat by default? Is there a way to whitelist source IPs so they don't get scanned?

 

thanks

 

gschmitt
Valued Contributor

myrdin wrote:

- does FortiGate classify ports 80xx as a threat by default? Is there a way to whitelist source IPs so they don't get scanned?

 

To whitelist source IPs from UTM you can simply create an address object with the wanted IPs, create a new policy:

Source Interface: wan1

Source Address: The address object

Destination Interface: internal

Destination Address: your VIP object

Services: as needed (start with any to test)

NAT as needed

disable all UTM

 

and move the resulting policy ABOVE the existing one.

 

BUT I am guessing the problem with your policy is your services; which services did you allow in the policy?
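To make the policy gschmitt describes concrete, here is the same whitelist written out in the FortiOS CLI. This is an added example, not from any post in this thread or from Fortinet documentation; the object names, the WAN IP 198.51.100.1, the trusted source 203.0.113.10, the LAN host 192.168.1.10 and the policy IDs 10 and 20 are placeholders made up for illustration, so substitute your own.

```fortios
# Constructed example: whitelist one trusted source for the 8022 -> 22 VIP
# and bypass UTM for that source only. All names, IPs and IDs are placeholders.

# 1. Address object holding the trusted source IP(s)
config firewall address
    edit "trusted-admin-src"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# 2. The port-forwarding VIP (external 8022 -> internal 22)
config firewall vip
    edit "vip-ssh-8022"
        set extintf "wan1"
        set extip 198.51.100.1
        set mappedip "192.168.1.10"
        set portforward enable
        set protocol tcp
        set extport 8022
        set mappedport 22
    next
end

# 3. Policy: trusted source -> VIP, no UTM profiles attached, logging on
config firewall policy
    edit 0
        set name "allow-ssh-vip-trusted"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "trusted-admin-src"
        set dstaddr "vip-ssh-8022"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
    next
end

# 4. Move the new policy above the existing VIP policy so it matches first.
#    Replace 20 (new) and 10 (existing) with the IDs that
#    "show firewall policy" prints on your box.
config firewall policy
    move 20 before 10
end
```

Because the policy only matches the trusted source and sits above the broader one, every other source still hits the existing policy with its UTM profiles intact, so the bypass stays as narrow as the address object. Start with service ALL to confirm the VIP itself matches, then narrow to a custom TCP service; if the narrowed service stops matching, check whether on your FortiOS version the custom service needs to be defined for the external port (8022) rather than the mapped port (22). Keeping logtraffic enabled lets you tell a policy that simply did not match apart from the threat-classified deny you saw in the log.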

emnoc
Esteemed Contributor III

I would have to agree, but really your 1st step is to look at diag debug flow. In fact, set the filter for the 8022 port and make sure it's not being blocked ahead.

 

e.g.

 

diag debug reset

diag debug en

diag debug flow filter port 8022

diag debug flow show console enable

diag debug flow trace start 100

 

Place traffic on the VIP and port and monitor the output; when done, execute the following:

 

 

diag debug reset

diag debug disable

 

PCNSE 

NSE 

StrongSwan  

myrdin
New Contributor

Thanks guys, I will do some more tests and update the thread.
