Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum this December to earn your exclusive Holiday Badge! Become a member today.
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Port 8080
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 07-23-2009 02:46 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Port 8080
HI, we host a webcam. A Canon GC-10. It sits on port 8080 internal to our network. I have setup virtual ip for the camera, NAT no port forwarding and set up a firewall policy to forward port 8080 traffic to the VIP camera. But nothing. Is there some kind of Fortinet admin service that grabs 8080? Any ideas?
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi David,
welcome to the forums.
Here is what the config should look like:
Firewall -> Virtual IP
Name: Camera
IP: External/1.2.3.4 (public IP)
Map to IP: 192.168.1.100 (private IP)
Custom Service
Firewall -> Service -> Custom -> Create New
Name: TCP-8080
Protocol: TCP
Source Low: 1
Source High: 65535
Destination Low: 8080
Destination High: 8080
Then there should be a rule
Firewall -> Policy
Source Interface: External
Source Address: all
Destination Interface: internal
Destination Address: Camera
Service: TCP-8080
The NAT checkbox on the firewall rule should not be enabled.
A Real World Fortinet Guide
Configuration Examples & Frequently Asked Questions
http://firewallguru.blogspot.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi g3rman, I set this exactly as you say but it is still not working. What other info can I gather?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Run this command from the CLI:
diag sniffer packet internal ' host 192.168.1.100'
-Notice they are single quotes
-Substitute your internal interface name and the physical IP of your webcam
Then try to access the camera from the outside and see if you see any traffic coming inbound on the command line. If not you can try
diag sniffer packet wan1 ' host 1.2.3.4'
to see if packets on port 8080 are even getting to your firewall.
Also, is the VIP the same as your external firewall IP address or a different IP?
A Real World Fortinet Guide
Configuration Examples & Frequently Asked Questions
http://firewallguru.blogspot.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you g3rman!
IP VIP and external:
10.0.x.x VIP
12.157.xx.xx external firewall address
Ok I am seeing this constantly in the log:
6.796679 125.90.xx.xx.49164 -> 10.0.xx.xx.21: fin 3387191081 ack 3865568601
6.796728 125.90.xx.xx.49369 -> 10.0.xx.xx.21: syn 3386482840
6.797701 10.0.xx.xx.21 -> 125.90.xx.xx.49164: psh 3865568601 ack 3387191082
6.800826 10.0.xx.xx.21 -> 125.90.xx.xx.49164: fin 3865568615 ack 3387191082
6.819566 10.0.xx.xx.21 -> 125.90.xx.xx.49369: syn 3871957392 ack 3386482841
6.983824 125.90.xx.xx.49164 -> 10.0.xx.xx.21: rst 3387191082
6.986954 125.90.xx.xx.49164 -> 10.0.xx.xx.21: rst 3387191082
7.005702 125.90.xx.xx.49369 -> 10.0.xx.xx.21: ack 3871957393
7.017453 10.0.xx.xx.21 -> 125.90.xx.xx.49369: psh 3871957393 ack 3386482841
7.203951 125.90.xx.xx.49369 -> 10.0.xx.xx.21: ack 3871957437
7.203970 125.90.xx.xx.49369 -> 10.0.xx.xx.21: psh 3386482841 ack 3871957437
7.204479 10.0.xx.xx.21 -> 125.90.xx.xx.49369: ack 3386482861
7.205723 10.0.xx.xx.21 -> 125.90.xx.xx.49369: psh 3871957437 ack 3386482861
7.455444 125.90.xx.xx.49369 -> 10.0.xx.xx.21: psh 3386482861 ack 3871957473
7.461078 10.0.xx.xx.21 -> 125.90.xx.xx.49369: psh 3871957473 ack 3386482868
7.647326 125.90.xx.xx.49369 -> 10.0.xx.xx.21: fin 3386482868 ack 3871957504
7.647507 125.90.xx.xx.49586 -> 10.0.xx.xx.21: syn 3381131554
7.647972 10.0.xx.xx.21 -> 125.90.xx.xx.49586: syn 3861402502 ack 3381131555
7.648347 10.0.xx.xx.21 -> 125.90.xx.xx.49369: psh 3871957504 ack 3386482869
7.652470 10.0.xx.xx.21 -> 125.90.xx.xx.49369: fin 3871957518 ack 3386482869
7.834503 125.90.xx.xx.49586 -> 10.0.xx.xx.21: ack 3861402503
7.834527 125.90.xx.xx.49369 -> 10.0.xx.xx.21: rst 3386482869
7.838467 125.90.xx.xx.49369 -> 10.0.xx.xx.21: rst 3386482869
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Wait, I opened it up entirely to see if that fixes it. I didn' t. Now I closed it to just the custom service and I don' t see any traffic. Trying the 2nd command in your port.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, here are the real results from the first command:
186.997632 arp who-has 10.0.xx.xx tell 10.0.xx.xx
308.920020 arp who-has 10.0.xx.xx tell 10.0.xx.xx
308.920307 arp reply 10.0.xx.xx is-at 0:0:85:22:bf:e7
308.920326 24.25.xx.xx.32794 -> 10.0.xx.xx.8080: syn 1283307571
308.920804 10.0.xx.xx.8080 -> 24.25.xx.xx.32794: rst 0 ack 1283307572
309.427874 24.25.xx.xx.32794 -> 10.0.xx.xx.8080: syn 1283307571
309.428277 10.0.xx.xx.8080 -> 24.25.xx.xx.32794: rst 0 ack 1283307572
309.933225 24.25.xx.xx.32794 -> 10.0.xx.xx.8080: syn 1283307571
309.933745 10.0.xx.xx.8080 -> 24.25.xx.xx.32794: rst 0 ack 1283307572
313.915739 arp who-has 10.0.12.1 tell 10.0.xx.xx
313.915750 arp reply 10.0.12.1 is-at 0:9:f:c6:9a:b3
331.719104 24.25.xx.xx.32786 -> 10.0.xx.xx.8080: syn 1909296192
331.719586 10.0.xx.xx.8080 -> 24.25.xx.xx.32786: rst 0 ack 1909296193
332.287388 24.25.xx.xx.32786 -> 10.0.xx.xx.8080: syn 1909296192
332.287770 10.0.xx.xx.8080 -> 24.25.xx.xx.32786: rst 0 ack 1909296193
333.077197 24.25.xx.xx.32786 -> 10.0.xx.xx.8080: syn 1909296192
24.25.xx.xx is me hitting the address from the outside.
10.0.xx.xx VIP address
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This one is easy. Essentially what is happening is that you are hitting the camera and the camera is refusing the connection on port 8080. This is not a firewall issue but related to your camera config.
A Real World Fortinet Guide
Configuration Examples & Frequently Asked Questions
http://firewallguru.blogspot.com
Not applicable
Created on 07-24-2009 12:45 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
right you are g3rman.
I did a pwer on/off of the camera and it started working. I think your fix suggestion last night of opening source ports for all TCP ports fixed it, but the camera was hung up at that point and was not working.
All is well.
THank you Thank you g3rman
Related Posts
- Is it possible to configure two... 33 Views
- Fortigate Dynamic SNAT || Fixed port... 39 Views
- SNMP OID for transciever DDM/DOM features... 42 Views
- EasyMesh AP devices can't mesh if... 33 Views
- WAN Interface not shown in Firewall... 154 Views
Labels
-
FortiGate
5,142 -
FortiClient
1,045 -
5.2
801 -
5.4
639 -
FortiManager
479 -
6.0
416 -
5.6
362 -
FortiAnalyzer
329 -
6.2
251 -
FortiSwitch
243 -
FortiAP
238 -
FortiClient EMS
205 -
FortiAuthenticator
200 -
FortiMail
198 -
5.0
196 -
6.4
128 -
FortiWeb
112 -
FortiGuard
81 -
FortiGateCloud
77 -
FortiSIEM
70 -
FortiCloud Products
66 -
FortiNAC
66 -
4.0MR3
64 -
FortiToken
54 -
Customer Service
53 -
Wireless Controller
42 -
FortiADC
35 -
FortiProxy
30 -
FortiGate v5.4
30 -
FortiDNS
30 -
Fortivoice
29 -
FortiEDR
27 -
FortiExtender
26 -
FortiSwitch v6.4
25 -
FortiConnect
25 -
FortiSandbox
22 -
FortiConverter
18 -
FortiWAN
17 -
FortiSwitch v6.2
14 -
FortiMonitor
11 -
FortiGate v5.2
11 -
FortiPortal
11 -
FortiCASB
11 -
FortiManager v5.0
9 -
FortiDDoS
9 -
4.0MR2
9 -
FortiGate v5.0
8 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
FortiRecorder
7 -
4.0
7 -
RMA Information and Announcements
5 -
FortiBridge
5 -
FortiCarrier
4 -
3.6
4 -
FortiManager v4.0
4 -
FortiWeb v5.0
3 -
FortiDirector
3 -
FortiCache
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
FortiAI
2 -
FortiTester
2 -
FortiScan
2 -
FortiGate v4.0 MR3
2 -
4.0MR1
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiHypervisor
1 -
FortiNDR
1 -
FortiManager-VM
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2023 Fortinet, Inc. All Rights Reserved.