Outbound port redirect

goroth · ‎08-03-2016

There is an email server located outside our network that was running port 25 but is now running port 1234 instead. (example not real port).

We need to edit all email clients to the new port 1234.

Can the forti IOS redirect outbound port 25 dest address 1.2.3.4 to new port 1234 address 1.2.3.4?

MikePruett · ‎08-03-2016

Hmm, I don't personally think so but I may be wrong. I have never heard of anyone doing something in that manner. I know PAT occurs but it isn't as cut and dry as you are saying.

Mike Pruett

Fortinet GURU | Fortinet Training Videos

ede_pfau · ‎08-04-2016

Yes, you can do that definitely.

What you need is destination NAT with port forwarding, and the object doing this is a VIP (virtual IP). Define it on the 'internal' port. In order to activate the NAT, create a policy from 'internal' to 'wan' with destination address == VIP.

You can always check what is happening with 'diag debug flow'. NAT should be evident in the diag output.

Ede Kernel panic: Aiee, killing interrupt handler!

MikePruett · ‎08-04-2016

Ede you rock! Learned something new today. Never thought of using the VIP to do it.

Mike Pruett

Fortinet GURU | Fortinet Training Videos

ede_pfau · ‎08-05-2016

Glad I could help.

I had once combined VIPs with short names on the internal DNS zone, to make my life easier in connecting to customer firewalls.

Ede Kernel panic: Aiee, killing interrupt handler!

Outbound port redirect

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website