Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiConnect
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDB
- FortiDDoS
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGuard
- FortiGate Cloud
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiPhish
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- RE: How to open port 80
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 02-08-2011 01:54 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to open port 80
Hello,
please tell me how to open port 80. I`ve got Fortigate 60B with OS FGT60B-4.00-build272.
Thanks,
bartezgo
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
12 REPLIES 12
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
in what cases you want to open port 80?could you state what to achieve on your environment?
Fortigate Newbie
Fortigate Newbie
Not applicable
Created on 02-28-2011 01:09 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' m gonna join in on this request seeing as I' m sure it will apply to me.
I have an internal server that I' m trying to get traffic to over ports 80, 8081, and 4899.
In my firewall policies, nothing is working out.
let' s start with the more imporant configuration. here are some screen shots:
This policy is supposed to point webserver running services on port 8081.
Remotely, I can ping the FortiGate, but I can' t web browse on that port or port 80 (which is also configured for this server in the same policy)
This policy is supposed to point webserver running services on port 8081.
Remotely, I can ping the FortiGate, but I can' t web browse on that port or port 80 (which is also configured for this server in the same policy)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ bartezgo
Are you trying to get to port 80 on the FGT or on some other internal device?
@ Bartimus
Create a Virtual IP (under ' Firewall -> Virtual IP' ), then use that as the definition in a policy. The service has to match the end service, not the service shown on the outside port. For example, if your outside port 8081 was to be sent to port 80 on the inside, then the service you need in the policy is HTTP.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Not applicable
Created on 03-29-2011 10:00 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did it work?
My even simpler setup doesn' t work on a FGT60*. I' ve one fixed public IP (edited out below) and would like to access a web server from the Internet. Here the relevant config
config system interface
edit " internal"
set vdom " root"
set ip 192.168.1.10 255.255.255.0
set allowaccess ping https http telnet
set type physical
next
edit " wan1"
set vdom " root"
set ip <my public IP>/<subnet mask>
set allowaccess ping https
set type physical
next
config firewall vip
edit " Webserver"
set extip <my public IP>
set extintf " wan1"
set portforward enable
set mappedip 192.168.1.2
set extport 80
set mappedport 80
next
config firewall policy
edit 1
set srcintf " internal"
set dstintf " wan1"
set srcaddr " all"
set dstaddr " all"
set action accept
set schedule " always"
set service " ANY"
set nat enable
next
edit 2
set srcintf " wan1"
set dstintf " internal"
set srcaddr " WebServExt"
set dstaddr " WebSrv"
set action accept
set schedule " always"
set service " HTTP"
set nat enable
set fixedport enable
next
end
I did a: diagnose sniffer packet wan1 ' tcp port 80'
Packets arrive destined for port 80
but diagnose sniffer packet internal ' tcp port 80' does not show anything.
I changed various settings in the firewall policy:
- with and without NAT
- with and without fixed port
Did anyone succeed setting up such a simple configuration?
not so ' sharp_mind'
*FGT-60-3.00-FW-build741-090408
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello and welcome
config firewall vip edit " Webserver" set extip <my public IP> set extintf " wan1" set portforward enable set mappedip 192.168.1.2 set extport 80 set mappedport 80 nextDid you also free the ' 80' administrative port from System->Admin->Settings? Does have 192.168.1.2 the FTG' s internal interface as default gateway?
regards
/ Abel
regards
/ Abel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, I was about to point to the same: you have HTTP enabled on the ' internal' port. HTTP traffic is accepted by the FGT itself then and not sent through it.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Not applicable
Created on 03-29-2011 11:02 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for yur reply.
Yes port 80 is " freed from adimistrative duties" , see the paragaph " wan1" in my post. After my post UNchecked HTTP from any other interfaces. Admin port for HTTP is set to 8080.
In the CLI window I typed in: diagnose sniffer packet internal ' tcp port 80'
This should show any packets destined for port 80. Nothing displayed.
I still don' t see any traffic even without filter.
On the external interface I see traffic for port 80 coming in.
Gateway on the webserver is set to the internal IP of my FGT
Clueless sharp_mind
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
of what i can see from your config:
on the Wan1 -> Internal policy:
set source address to " all"
on destination address, select the name of the VIP you created
uncheck the NAT box, doing a VIP makes it nat.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Not applicable
Created on 04-03-2011 08:14 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As sad as it may sound I used to manage an FGT800 which was decommissioned a few years back. It did exactly what I want to do (among other things). So I looked up the config and started with my FGT60 over again.
Here is the relevant portion of the new config (public IP edited out):
config system interface
edit " internal"
set vdom " root"
set ip 192.168.1.10 255.255.255.252
set allowaccess ping https telnet
set type physical
next
edit " wan1"
set vdom " root"
set ip <public IP> 255.255.255.252
set allowaccess ping
set type physical
next
end
config firewall vip
edit " WebserverInbound"
set extip <public IP>
set extintf " wan1"
set mappedip 192.168.1.2
next
end
config firewall policy
edit 1
set srcintf " internal"
set dstintf " wan1"
set srcaddr " all"
set dstaddr " all"
set action accept
set schedule " always"
set service " ANY"
set nat enable
next
edit 2
set srcintf " wan1"
set dstintf " internal"
set srcaddr " all"
set dstaddr " WebserverInbound"
set action accept
set schedule " always"
set service " HTTP"
next
end
config router policy
edit 1
set input-device " internal"
set src 192.168.1.2 255.255.255.255
set gateway <public IP>
set output-device " wan1"
next
edit 2
set input-device " wan1"
set dst <public IP> 255.255.255.255
set gateway 192.168.1.10
set output-device " internal"
next
end
I captured packet with:
- diagnose sniffer packet ' wan1' ' 80'
- diagnose sniffer packet ' internal' ' 80'
- diagnose sniffer packet ' internal' ' '
I saw traffic coming in on wan1 but did not see any traffic ' internal' .
So I assume that' s where the problem is.
For the FGT800 I had serveral public IPs and now I have one single public IP.
Anyone any ideas?
not so sharp_mind
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- 7.6.0 WAD memory leak, Fortigate 200F 77 Views
- ZTNA within a 2 site setup... 108 Views
- If not apply security profile, will... 68 Views
- Printing Over ZTNA Proxy 104 Views
- FortiClient SSL VPN - SSO/SAML Issue 196 Views
Labels
-
FortiGate
8,012 -
FortiClient
1,606 -
5.2
801 -
FortiManager
677 -
5.4
639 -
FortiAnalyzer
516 -
FortiSwitch
423 -
FortiAP
421 -
6.0
416 -
5.6
362 -
FortiClient EMS
362 -
FortiMail
300 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
187 -
SSL-VPN
174 -
FortiNAC
160 -
IPsec
154 -
6.4
128 -
FortiGuard
124 -
FortiGateCloud
98 -
FortiCloud Products
94 -
FortiSIEM
93 -
SD-WAN
88 -
FortiToken
86 -
Customer Service
74 -
Wireless Controller
74 -
FortiAuthenticator
68 -
4.0MR3
64 -
FortiProxy
53 -
Firewall policy
53 -
FortiEDR
50 -
Fortivoice
49 -
FortiADC
49 -
FortiExtender
43 -
VLAN
42 -
FortiDNS
41 -
High Availability
40 -
FortiSandbox
39 -
ZTNA
37 -
FortiGate v5.4
35 -
Routing
34 -
LDAP
34 -
FortiSwitch v6.4
33 -
DNS
33 -
BGP
32 -
SAML
31 -
Certificate
30 -
Interface
29 -
SSO
27 -
NAT
27 -
FortiConnect
25 -
Authentication
25 -
FortiWAN
24 -
FortiConverter
24 -
RADIUS
24 -
FortiGate v5.2
23 -
VDOM
23 -
FortiLink
22 -
Virtual IP
20 -
Web profile
20 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
Fortigate Cloud
18 -
Logging
18 -
FortiMonitor
16 -
Traffic shaping
16 -
Application control
16 -
FortiDDoS
15 -
FortiPAM
15 -
FortiGate v5.0
14 -
SSL SSH inspection
14 -
OSPF
13 -
FortiCASB
12 -
SSID
12 -
IP address management - IPAM
12 -
FortiManager v5.0
11 -
Automation
11 -
Admin
11 -
Static route
11 -
WAN optimization
11 -
Web application firewall profile
11 -
FortiRecorder
10 -
SNMP
10 -
4.0MR2
9 -
FortiSOAR
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
FortiGate v4.0 MR3
8 -
FortiManager v4.0
8 -
FortiBridge
8 -
IPS signature
8 -
System settings
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
RMA Information and Announcements
7 -
Traffic shaping policy
7 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Security profile
6 -
Port policy
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Fabric connector
5 -
3.6
4 -
FortiDeceptor
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Antivirus profile
4 -
Traffic shaping profile
4 -
DLP sensor
4 -
Email filter profile
4 -
Web rating
4 -
Fortinet Engage Partner Program
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Netflow
3 -
Replacement messages
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
API
2 -
FortiNDR
2 -
Application signature
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
Service
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1 -
Cloud Management Security
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1468 | |
| 1007 | |
| 748 | |
| 443 | |
| 206 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.