Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vazexa
New Contributor

Multiple port forward

Hello,

 

I am a beginner with Fortigate and i am trying to connect an H.323 video conference system in my office in order to make conferences with remote locations but since i will connect the system behind NAT, i have to forward several ports to the video conference IP address.

 

After looking at the forums, etc. i understood how to forward a single port to an IP, using VIP but i cannot understand how to forward multiple ports or ports range to a single IP. 

 

Can someone help me please?

 

thank you very much in advance!

1 Solution
akristof

Hi,

It has

akristof_0-1649664057166.png

"-" is separator.

Adrian

View solution in original post

19 REPLIES 19
vazexa
New Contributor

thank you!

Can you please let me know if SSH if it is enabled or disabled on the management port by default?

akristof

Hi,

Yes, SSH, HTTP, HTTPS and Ping are default protocols that are allowed.

Adrian
vazexa
New Contributor

one last question, how do i know which is the id of the policy i want to disable?

akristof

Hi,

Well, you can list them and identify it based on name/VIP/interfaces, etc.

show firewall policy

 

Also, usually, last policy is with the highest ID and it is last. So this can help you too.

Adrian
vazexa

you are very helpful!

Is it possible to tell me the CLI commands of how to list the policies?

akristof

Hi, I did:

show firewall policy

 

Adrian
vazexa

i actually did it!! I disabled the policy and now i have control over my fortigate again! Thank you very much!!

EEHC
Contributor

First I want to explain something related to VOIP having two types of traffic. Signaling (H323 in your case) for call setup. RTP for conversation. The firewall listens to the call setup to know the RTP ports that should be opened. After call ends it close it.

I have a question, why you need to forward specific ports? do you use the same public IP for different applications or change the ports? If you create VIP, all coming traffic will be forwarded without changing the ports. I prefer to make VIP and control the ports from the policy.

EEHC
EEHC
vazexa
New Contributor

Thank you very much for your feedback.

I want to operate an SVC video conference by Aver that supports H.323. I have made the port forwarding the user manual states (see below photo) but it does not operate ok. i.e. although I can see and hear the remote party, my camera and microphone are not being transmitted remotely. Do you think this has something to do with the firewall?

 

 

2022-04-12 (2).png

EEHC

It is a famous problem in VOIP "one-way audio". If you search for these words you will find several links for solving it. Here is one "http://info.teledynamics.com/blog/how-to-troubleshoot-one-way-and-no-way-audio-on-voip-calls"

You don't have to follow the exact steps. you need to get an idea about the root cause.

The problem is that the packets from one end don't reach the other end. The reason may be a routing problem that sends the packets in the wrong direction. Or it may be a firewall policy missed that allows these packets.

This is the idea. Keep in mind that the VOIP conversation be directly between the two ends not through the central call manager.

EEHC
EEHC
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors