How to Allow HIK Vision NVR to Fortigate

grangermasfuss · ‎01-30-2025

Hi guys I'm new to the forum.I hope you can help me set up CCTV port forwarding from Fortigate. I've created a virtual IP, opened the port, and allowed this on policy already but won't give the device the internet,The device has an IP,is pingable, and is accessible on the local network.Is there a workaround here, Platform Access offline error

Anthony_E · ‎02-02-2025

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

Anthony_E · ‎02-06-2025

Hello,

We are still looking for someone to help you.

We will come back to you ASAP.

Regards,

Anthony-Fortinet Community Team.

grangermasfuss · ‎02-06-2025

thanks, @Anthony_E , I tried also to create a separate VLAN for this CCTV only but still the same issue encountered.

Anthony_E · ‎02-10-2025

Hello,

To allow a Hikvision NVR to communicate through a FortiGate firewall, you can follow these general steps:

**Create Firewall Policies**: Configure inbound and outbound firewall policies on the FortiGate to allow traffic from and to the Hikvision NVR. - Specify the source and destination interfaces, addresses, services, and actions (allow) in the policies.
**Port Forwarding**: If remote access is needed, set up port forwarding on the FortiGate to forward specific ports used by the Hikvision NVR to the NVR's internal IP address.
**Security Profiles**: Ensure that any security profiles (like antivirus, IPS, application control) are not blocking the NVR traffic.
**VPN Configuration** (if applicable): If the NVR needs to communicate securely over the internet, consider setting up an IPsec VPN tunnel between the NVR location and the FortiGate.
**Testing**: Test the connection to ensure that the Hikvision NVR can communicate with the necessary servers and devices.

Anthony-Fortinet Community Team.

grangermasfuss · ‎02-10-2025

Hi @Anthony_E ive done this already. open the TCP udp port of nvr and create policies, still fortigate wont give device the internet,

Hemin88 · ‎02-10-2025

Hi @Anthony_E

What TCP ports have you allowed on that policy?

Make sure you have enabled 554, 8000 and 80

IP Network Engineer

dingjerry_FTNT · ‎02-10-2025

Hi @grangermasfuss ,

You confused me a bit.

"but won't give the device the internet"

-- It seems that you are going to allow the HIK Vision NVR device to access Internet, correct?

However, you mentioned this " I've created a virtual IP, opened the port, and allowed this on policy already "

-- This is conflicted with the above.

1) Virtual IP

We usually use Virtual IP for inbound access from the Internet to an internal server.

For example, you have an internal server with an internal IP, but you need to allow Internet users to access it from the Internet. This is the use case with Virtual IP.

2) If you need to allow the HIK Vision NVR device to access the Internet from the internal network, you may enable NAT or use the IP Pool within the firewall policy allowing this traffic.

Please check the following docs for how to configure them:

https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/898655/static-snat

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-SNAT-with-IP-pool/ta-p/19...

Regards,

Jerry

grangermasfuss · ‎02-10-2025

hi, @dingjerry_FTNT will try this. thanks for the clarification.

How to Allow HIK Vision NVR to Fortigate

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website