Hi,
I'm having issue to access to a Mikrotik router, that is a WireGuard server, behind a FortiGate 60F.
IP of 60F is 192.168.113.1, the IP of the Mikrotik is 192.168.113.4, the WireGuard port is 51820, I created a virtual IP on the FG
SYSFW60F (WireGuard) # show
config firewall vip
edit "WireGuard"
set uuid f03ef9d2-b285-51ed-108d-f7e3e193c54a
set extip xx.xx.xx.xx
set mappedip "192.168.113.4"
set extintf "wan1"
set portforward enable
set protocol udp
set extport 51820
set mappedport 51820
next
end
Then a firewall rule with the virtual IP
SYSFW60F (2) # show
config firewall policy
edit 2
set name "WireGuard"
set uuid e023f12c-b1ce-51ed-67ea-7da8d93cead2
set srcintf "wan1"
set dstintf "internal"
set action accept
set srcaddr "all"
set dstaddr "WireGuard"
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
next
end
But I don't see any traffic using this rule, nor I'm able to get the WireGuard handshake.
Any suggestion?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
In case NAT is not configured you may consider to collect debug flow traces and try to trigger the issue:
diagnose debug flow filter saddr <source IP address>
diagnose debug flow show function-name enable
diagnose debug flow trace start 10
diagnose debug enable
and traffic sniffer
diagnose sniffer packet any 'host <source IP address>' 4 0 a
I'm behind a NAT, I don't see any traffic from the logs, any other suggestions?
Thanks
Hello,
You may consider to collect debug flow traces and use port as filter and try to trigger the issue:
diagnose debug flow filter port 51820
diagnose debug flow show function-name enable
diagnose debug flow trace start 10
diagnose debug enable
and traffic sniffer
diagnose sniffer packet any 'port 51820' 4 0 a
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.