Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vazexa
New Contributor

Created on ‎04-10-2022 05:30 AM

Multiple port forward

Hello,

 

I am a beginner with Fortigate and i am trying to connect an H.323 video conference system in my office in order to make conferences with remote locations but since i will connect the system behind NAT, i have to forward several ports to the video conference IP address.

 

After looking at the forums, etc. i understood how to forward a single port to an IP, using VIP but i cannot understand how to forward multiple ports or ports range to a single IP. 

 

Can someone help me please?

 

thank you very much in advance!

Labels:
28436
0 Kudos
1 Solution
akristof
Staff
Staff
In response to vazexa

Created on ‎04-11-2022 01:01 AM

Hi,

It has

akristof_0-1649664057166.png

"-" is separator.

Adrian

View solution in original post

28383
19 REPLIES 19
vazexa
New Contributor

Created on ‎04-11-2022 01:21 AM

thank you!

Can you please let me know if SSH if it is enabled or disabled on the management port by default?

4707
0 Kudos
akristof
Staff
Staff
In response to vazexa

Created on ‎04-11-2022 01:24 AM

Hi,

Yes, SSH, HTTP, HTTPS and Ping are default protocols that are allowed.

Adrian
4706
0 Kudos
vazexa
New Contributor

Created on ‎04-11-2022 01:36 AM

one last question, how do i know which is the id of the policy i want to disable?

4705
0 Kudos
akristof
Staff
Staff
In response to vazexa

Created on ‎04-11-2022 01:38 AM

Hi,

Well, you can list them and identify it based on name/VIP/interfaces, etc.

show firewall policy

 

Also, usually, last policy is with the highest ID and it is last. So this can help you too.

Adrian
4704
0 Kudos
vazexa
New Contributor
In response to akristof

Created on ‎04-11-2022 01:44 AM

you are very helpful!

Is it possible to tell me the CLI commands of how to list the policies?

4703
0 Kudos
akristof
Staff
Staff
In response to vazexa

Created on ‎04-11-2022 01:45 AM

Hi, I did:

show firewall policy

 

Adrian
4702
0 Kudos
vazexa
New Contributor
In response to akristof

Created on ‎04-12-2022 03:45 AM

i actually did it!! I disabled the policy and now i have control over my fortigate again! Thank you very much!!

4689
0 Kudos
EEHC
Contributor

Created on ‎04-11-2022 02:57 AM

First I want to explain something related to VOIP having two types of traffic. Signaling (H323 in your case) for call setup. RTP for conversation. The firewall listens to the call setup to know the RTP ports that should be opened. After call ends it close it.

I have a question, why you need to forward specific ports? do you use the same public IP for different applications or change the ports? If you create VIP, all coming traffic will be forwarded without changing the ports. I prefer to make VIP and control the ports from the policy.

EEHC
EEHC
4693
vazexa
New Contributor
In response to EEHC

Created on ‎04-12-2022 03:50 AM

Thank you very much for your feedback.

I want to operate an SVC video conference by Aver that supports H.323. I have made the port forwarding the user manual states (see below photo) but it does not operate ok. i.e. although I can see and hear the remote party, my camera and microphone are not being transmitted remotely. Do you think this has something to do with the firewall?

 

 

2022-04-12 (2).png

4689
0 Kudos
EEHC
Contributor
In response to vazexa

Created on ‎04-16-2022 11:45 PM

It is a famous problem in VOIP "one-way audio". If you search for these words you will find several links for solving it. Here is one "http://info.teledynamics.com/blog/how-to-troubleshoot-one-way-and-no-way-audio-on-voip-calls"

You don't have to follow the exact steps. you need to get an idea about the root cause.

The problem is that the packets from one end don't reach the other end. The reason may be a routing problem that sends the packets in the wrong direction. Or it may be a firewall policy missed that allows these packets.

This is the idea. Keep in mind that the VOIP conversation be directly between the two ends not through the central call manager.

EEHC
EEHC
4664
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.