Multiple port forward

vazexa · ‎04-10-2022

Hello,

I am a beginner with Fortigate and i am trying to connect an H.323 video conference system in my office in order to make conferences with remote locations but since i will connect the system behind NAT, i have to forward several ports to the video conference IP address.

After looking at the forums, etc. i understood how to forward a single port to an IP, using VIP but i cannot understand how to forward multiple ports or ports range to a single IP.

Can someone help me please?

thank you very much in advance!

akristof · ‎04-11-2022

Hi,

It has

"-" is separator.

Adrian

View solution in original post

akristof · ‎04-10-2022

Hi,

Thank you for your question. You can create multiple VIPs with same external/internal IPs but with different forward ports. So you will have 1 VIP for HTTP traffic, 1 VIP for HTTPS, etc.

Adrian

vazexa · ‎04-10-2022

Hi Ardian,

Thank you very much for your answer.

it is understood when i want to forward single ports but how can i forward a port range? i.e. 30000 to 30999? Of course i cannot make 999 separate VIPs :)

akristof · ‎04-11-2022

Hi,

Like this:

Or if you want to forward multiple different ports to one port:

Adrian

vazexa · ‎04-11-2022

thank you very much, as i do not want to forward multiple different ports to one port i will use the 1st option.

Is it possible to do it via gui or only via cli?

akristof · ‎04-11-2022

Hi,

You can do it via GUI or CLI, I just showed how it looks from CLI. From GUI, if you will configure range of ports, it will automatically calculate the range based on first forward port. So in my example, I specified external ports 20000-21000, GUI will allow you to specify first mapped port, 30000 and it will automatically calculate last port based on the range. Just a note.

Adrian

vazexa · ‎04-11-2022

my GUI does not have the selection to forward port range, it only has port forward single external to single internal with selection of tcp, udp, sctp and icmp

akristof · ‎04-11-2022

Hi,

It has

"-" is separator.

Adrian

vazexa · ‎04-11-2022

ok i will try it and i will let you know!

can you please also help me with something else? while i was trying to make the port forwarding work, i must have enabled a policy and accidentally forwarded all traffic of port 80 to an IP address different from the management port of the fortigate so now, although the router operates ok, I have no access at all at the GUI.

Can you please let me know if it possible to connect via console and disable this firewall policy?

akristof · ‎04-11-2022

Hi,

You can try SSH if it is enabled on your management port. Then you can just go into firewall policy and disable it:

config firewall policy

edit <id>

set status disable

end

Adrian

Multiple port forward

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website