Hi
We have a FortiGate 60E and have successfully set up IPv4 policies on it and the simple failover feature.
Now we're having problems with two Ricoh digital printers; these two machines need to connect externally to Ricoh servers to send diagnostic and consumable information to the vendor. According to vendor support, it uses ports 161 and 443 UDP to connect to a range of host IPs, 210.173.216.40 to 210.172.216.77. We went through the cookbook "Using virtual IPs to configure port forwarding", but the scenario presented is an outside remote user going into the internal network.
Is there a cookbook showing the other way around from inside or behind the firewall connecting to outside?
Thanks and Regards
Assuming the communication is initiated from behind the FGT device, outward, there shouldn't be a need to create VIPs. Just set up the firewall policy using the printers' IPs as the source address(es) with the Ricoh servers' IP address range as the destination addresses. Something like:

```
# Address objects: one per printer, plus the vendor's server range
config firewall address
    edit "ricoh-printer1"
        set associated-interface "internal"
        set subnet 192.168.1.20 255.255.255.255
    next
    edit "ricoh-printer2"
        set associated-interface "internal"
        set subnet 192.168.1.21 255.255.255.255
    next
    edit "ricoh-printer-servers"
        set type iprange
        set associated-interface "wan1"
        set start-ip 210.173.216.40
        set end-ip 210.173.216.77
    next
end
# Group the printers so the policy has a single source object
config firewall addrgrp
    edit "ricoh-printer-group"
        set member "ricoh-printer1" "ricoh-printer2"
    next
end
# Outbound policy: printers -> vendor servers, source NAT enabled
config firewall policy
    edit 1
        set name "ricoh-printer-service-access"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "ricoh-printer-group"
        set dstaddr "ricoh-printer-servers"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```
Move this firewall policy above any general firewall policy so it is triggered. Add any UTM features accordingly.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
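A tighter variant of the same outbound policy, added here as an example and not taken from the replies above: it limits the service to the ports the vendor named instead of "ALL" and enables session logging. It assumes the address objects "ricoh-printer-group" and "ricoh-printer-servers" from the reply already exist; the service object names are hypothetical.

```text
# Added example, not from the thread. Custom services instead of "ALL":
# only what the vendor said the printers need.
config firewall service custom
    edit "ricoh-snmp-udp161"
        set comment "Ricoh diagnostics, UDP/161 as stated by the vendor"
        set udp-portrange 161
    next
    edit "ricoh-443"
        set comment "Vendor stated UDP/443; TCP/443 added as an assumption, since HTTPS normally runs over TCP"
        set tcp-portrange 443
        set udp-portrange 443
    next
end
# Same policy as in the reply, narrowed to the two services and logged so the
# vendor connections (and anything the printers try beyond them) show up in the logs.
config firewall policy
    edit 1
        set name "ricoh-printer-service-access"
        set comments "Ricoh printers to vendor servers, least-privilege ports"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "ricoh-printer-group"
        set dstaddr "ricoh-printer-servers"
        set action accept
        set schedule "always"
        set service "ricoh-snmp-udp161" "ricoh-443"
        set nat enable
        set logtraffic all
    next
end
```

Because FortiGate evaluates policies top-down, this entry must sit above any broader internal-to-wan1 policy (in the CLI, `move 1 before <id>` inside `config firewall policy`), otherwise the broader policy matches first and the narrowed services never apply.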
The default one-line firewall policy that is configured on factory-reset FGT devices is set to allow "open access" traffic from the internal interface out through the WAN connection. If your company has crafted its own firewall policies, then that question should be directed to whoever created those policies.