Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vazexa
New Contributor

Created on ‎04-10-2022 05:30 AM

Multiple port forward

Hello,

 

I am a beginner with Fortigate and i am trying to connect an H.323 video conference system in my office in order to make conferences with remote locations but since i will connect the system behind NAT, i have to forward several ports to the video conference IP address.

 

After looking at the forums, etc. i understood how to forward a single port to an IP, using VIP but i cannot understand how to forward multiple ports or ports range to a single IP. 

 

Can someone help me please?

 

thank you very much in advance!

Labels:
18731
0 Kudos
1 Solution
akristof
Staff
Staff
In response to vazexa

Created on ‎04-11-2022 01:01 AM

Hi,

It has

akristof_0-1649664057166.png

"-" is separator.

Adrian

View solution in original post

18678
19 REPLIES 19
akristof
Staff
Staff

Created on ‎04-10-2022 11:04 PM

Hi,

 

Thank you for your question. You can create multiple VIPs with same external/internal IPs but with different forward ports. So you will have 1 VIP for HTTP traffic, 1 VIP for HTTPS, etc.

Adrian
14873
0 Kudos
vazexa
New Contributor
In response to akristof

Created on ‎04-10-2022 11:56 PM

Hi Ardian,

Thank you very much for your answer.

it is understood when i want to forward single ports but how can i forward a port range? i.e. 30000 to 30999? Of course i cannot make 999 separate VIPs :)

14869
0 Kudos
akristof
Staff
Staff
In response to vazexa

Created on ‎04-11-2022 12:06 AM

Hi,

 

Like this:

akristof_0-1649660654163.png

Or if you want to forward multiple different ports to one port:

akristof_1-1649660753630.png

 

Adrian
14867
0 Kudos
vazexa
New Contributor

Created on ‎04-11-2022 12:25 AM

thank you very much, as i do not want to forward multiple different ports to one port i will use the 1st option.

Is it possible to do it via gui or only via cli?

14866
0 Kudos
akristof
Staff
Staff
In response to vazexa

Created on ‎04-11-2022 12:30 AM

Hi,

 

You can do it via GUI or CLI, I just showed how it looks from CLI. From GUI, if you will configure range of ports, it will automatically calculate the range based on first forward port. So in my example, I specified external ports 20000-21000, GUI will allow you to specify first mapped port, 30000 and it will automatically calculate last port based on the range. Just a note.

Adrian
14865
vazexa
New Contributor

Created on ‎04-11-2022 12:50 AM

my GUI does not have the selection to forward port range, it only has port forward single external to single internal with selection of tcp, udp, sctp and icmp

14859
0 Kudos
akristof
Staff
Staff
In response to vazexa

Created on ‎04-11-2022 01:01 AM

Hi,

It has

akristof_0-1649664057166.png

"-" is separator.

Adrian
18679
vazexa
New Contributor

Created on ‎04-11-2022 01:13 AM

ok i will try it and i will let you know!

 

can you please also help me with something else? while i was trying to make the port forwarding work, i must have enabled a policy and accidentally forwarded all traffic of port 80 to an IP address different from the management port of the fortigate so now, although the router operates ok, I have no access at all at the GUI.

 

Can you please let me know if it possible to connect via console and disable this firewall policy?

14853
0 Kudos
akristof
Staff
Staff
In response to vazexa

Created on ‎04-11-2022 01:16 AM

Hi,

 

You can try SSH if it is enabled on your management port. Then you can just go into firewall policy and disable it:

config firewall policy

edit <id>

set status disable

end

 

 

Adrian
14852
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.