Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vazexa
New Contributor

Multiple port forward

Hello,

 

I am a beginner with Fortigate and i am trying to connect an H.323 video conference system in my office in order to make conferences with remote locations but since i will connect the system behind NAT, i have to forward several ports to the video conference IP address.

 

After looking at the forums, etc. i understood how to forward a single port to an IP, using VIP but i cannot understand how to forward multiple ports or ports range to a single IP. 

 

Can someone help me please?

 

thank you very much in advance!

1 Solution
akristof

Hi,

It has

akristof_0-1649664057166.png

"-" is separator.

Adrian

View solution in original post

19 REPLIES 19
akristof
Staff
Staff

Hi,

 

Thank you for your question. You can create multiple VIPs with same external/internal IPs but with different forward ports. So you will have 1 VIP for HTTP traffic, 1 VIP for HTTPS, etc.

Adrian
vazexa

Hi Ardian,

Thank you very much for your answer.

it is understood when i want to forward single ports but how can i forward a port range? i.e. 30000 to 30999? Of course i cannot make 999 separate VIPs :)

akristof

Hi,

 

Like this:

akristof_0-1649660654163.png

Or if you want to forward multiple different ports to one port:

akristof_1-1649660753630.png

 

Adrian
vazexa
New Contributor

thank you very much, as i do not want to forward multiple different ports to one port i will use the 1st option.

Is it possible to do it via gui or only via cli?

akristof

Hi,

 

You can do it via GUI or CLI, I just showed how it looks from CLI. From GUI, if you will configure range of ports, it will automatically calculate the range based on first forward port. So in my example, I specified external ports 20000-21000, GUI will allow you to specify first mapped port, 30000 and it will automatically calculate last port based on the range. Just a note.

Adrian
vazexa
New Contributor

my GUI does not have the selection to forward port range, it only has port forward single external to single internal with selection of tcp, udp, sctp and icmp

akristof

Hi,

It has

akristof_0-1649664057166.png

"-" is separator.

Adrian
vazexa
New Contributor

ok i will try it and i will let you know!

 

can you please also help me with something else? while i was trying to make the port forwarding work, i must have enabled a policy and accidentally forwarded all traffic of port 80 to an IP address different from the management port of the fortigate so now, although the router operates ok, I have no access at all at the GUI.

 

Can you please let me know if it possible to connect via console and disable this firewall policy?

akristof

Hi,

 

You can try SSH if it is enabled on your management port. Then you can just go into firewall policy and disable it:

config firewall policy

edit <id>

set status disable

end

 

 

Adrian
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors