Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JasonX
New Contributor

Open ports for CCTV system Mobile app access

Setting up a CCTV system on the network that can be accessed by a mobile app. Manufacturer states certain ports must be opened to allow the mobile app to speak with the local server on the NVR. Tried setting up a policy allowing this through those ports but the mobile app still won't connect and I spoke with TAC who said I probably have to have a static IP for the policies to stay up. He helped me set up a Virtual IP. This is for a home network and the ISP won't provide a static IP for a residential set up. Actually the ISP seems to stay static for a while so I wouldn't mind too much just changing it on the policies if the IP changes but I can't even get it to connect with the current one - that's probably a separate issue. Puzzling because I had almost an identical set up with my old system and it seemed to work fine with the mobile app speaking to the NVR. A Ring system with an alarm base station and wifi cams also seems to work fine with the mobile app receiving alerts and notifications as well as live streaming from the cameras when I am out of the local network and on cellular. CCTV support cannot provide guidance on my firewall - 60F.

2 REPLIES 2
maulishshah
Staff
Staff

Hi @JasonX ,

 

Can you please provide the configuration of VIP and ports that need to be open for Cameras through the mobile application? 

 

Also, need to verify the NAT is enabled on the policy or not? 

 

If Nat is disabled, please run the following command to verify whether the traffic is allowed or not

 

di de reset

di de flow filter addr x.x.x.x (x is the public IP of the test user or mobile user)

di de flow trace start 99999

di de en

Also, requires running packet capture on the server end. 

 

Thank you. 

Maulish Shah
dingjerry_FTNT

Hi @JasonX ,

 

We need to clarify some information:

 

1) "the local server on the NVR"

What is the IP to access it?  A public one or a private one?

 

2) Does that local server know how to reply to the user accessing it? 

I mean, what is the default gateway on the local server?  Does it point to FortiGate? Can we access the local server using a public IP?

 

3) We need the configuration of the virtual servers and/or the open ports you configured on your FortiGate.

 

Once you provide the above information, I can provide further steps for you.

Regards,

Jerry
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors