Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ragno
New Contributor

Created on ‎12-29-2014 07:49 AM

How to open a different port

Hi!

 

I have a Fortigate-50B (system 4.0 MR3) model, and I have to open ports like 8080, 993,465 because these ports are not listed at "Predefined" into "Services". All this traffic is being blocked by the firewall. 

 

I tried to create port 8080 into "Custom", by defining the source and destination port low/high with 8080, but after I placing in a Policy nothing changes and the port continue to be blocked.

What should I do for make this simple task?

 

Thank you.

Labels:
59985
0 Kudos
1 Solution
Dave_Hall
Honored Contributor
In response to ragno

Created on ‎12-29-2014 11:47 AM

Attached (top part) is a custom service (based on your requirements); (bottom part) is just a service group (on 5.0.9) grouping all the email services.  (These are just examples.)  Remember when you define your firewall policy -- move the rule up in the firewall chain so it get's executed.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
71 KB
4845
0 Kudos
6 REPLIES 6
Dave_Hall
Honored Contributor

Created on ‎12-29-2014 09:10 AM

It would help if you can define what you are trying to accomplish by opening these ports.  Are you trying to allow traffic on those ports out (internal->WAN) or outside in (WAN->Internal).

 

In a custom service, you generally define the dest/target (TCP/UDP) ports you want open -- the source or originating ports you (edit: usually) leave at 1-65535.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
4782
0 Kudos
ragno
New Contributor
In response to Dave_Hall

Created on ‎12-29-2014 09:48 AM

The traffic is Internal->WAN 

4782
0 Kudos
Dave_Hall
Honored Contributor
In response to ragno

Created on ‎12-29-2014 11:47 AM

Attached (top part) is a custom service (based on your requirements); (bottom part) is just a service group (on 5.0.9) grouping all the email services.  (These are just examples.)  Remember when you define your firewall policy -- move the rule up in the firewall chain so it get's executed.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
71 KB
4846
0 Kudos
ragno
New Contributor

Created on ‎12-29-2014 11:51 AM

Ok Dave,

 

I made the same way as you said and worked perfectly!

 

Thank you!

4783
0 Kudos
Yeruel_Birku
New Contributor
In response to ragno

Created on ‎03-14-2018 02:40 AM

Hi Team, Please help on the below.

I am looking for Policy create and NAT and Port Opening. 

I have public IP 197.156.Y.Y and Private IP 172.16.x.x. (Video conference codec server).

172.16.X.X---static Nat to ---197.156.Y.Y

And The port should open as below table.

Function

Port Range

point to point call+ People&Content

 Gatekeeper Discovery (RAS)

1718-1719 UDP

Q.931 Call Setup

1720 TCP

Audio Call Control

1731 TCP

Video Range

3230-3253 TCP/UDP

Audio Range

3230-3253 TCP/UDP

Data/FECC Range

3230-3253 TCP/UDP

Port Range

 1718-1719 UDP

1720 TCP

1731 TCP

3230-3253 TCP/UDP

3230-3253 TCP/UDP

3230-3253 TCP/UDP

4783
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to Yeruel_Birku

Created on ‎03-14-2018 07:51 AM

my advice: use a port-less (full) VIP and use a service group on the incoming policy. Much less effort than a dozen of VIPs and one VIP group.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
4783
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.