Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Port Forwarding RDP not Working in FORTIGATE 6...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Port Forwarding RDP not Working in FORTIGATE 60B connected to HUAWEI HG8245T
Hi Guys, Sorry for my english. I have testing the fortigate 60B not yet renew our license is there any effect the license in port forwarding?.
How to explain this I am very new in fortigate. my interface wan1 is connected to HUAWEI Router so I am just joining the FORTIGATE on that router to grab the DHCP Ip in my wan1 interface settings and it was successfull.
wan1 interface: ip: 192.168.100.3
subnet: 255.255.255.0
gateway: 192.168.100.1
dns: ok
internal interface: dhcp server 192.168.1.110 - 210
subnet 255.255.255.0
gateway: 192.168.1.99
i have external ip when I click whatismyip and it gives me xxx.xxx.xxx.xxx (for security I cannot show this).
I set up a virtual ip port forwarding using the EXTERNAL IP xxx.xxx.xxx.xxx to map to 192.168.1.101
i create MYRDP the external service port and map to port number 3389.
Then I created the Firewall policy
Source Interface: wan1 Source Address: all Destination Interface: internal Destination address: MYRDP Schedule: always Service: any action accept NAT: i did not put check fixed port: I did not put check
what is wrong in my setup? Thanks you guys for your help
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to make the router device pass IP's directly to the Gate (place modem or ISP device in bridge mode) so that the WAN interface of the Gate gets the external address. You have double NAT going on which complicates things currently for you.
Mike Pruett
Mike Pruett
Fortinet GURU | Fortinet Training Videos
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your reply.
Is there any other solutions to reroute the external ip from the 1st NAT (MODEM) to the 2nd NAT(FTG) or mapped the external IP to the 2NAT IP?
because a lot of user using the 1st NAT I am just joined the FTG to the Network and create the 2nd NAT.
Is there any CLI commands that I can run?
Thank you.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to click to enable NAT on the firewall rule if port forwarding from WAN to LAN.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Robbo007, enabling NAT on the firewall rule, will enable source nat, which you don't need in this case.
rm_beginner:
Since you are double NATting, it's also necessary to configure port forwarding on your Hauwei Router.
(External IP->Fortigate wan1 IP)
External IP Address/Range of your VIP object on the Fortigate should be 0.0.0.0, because you are running DHCP on WAN1.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks to all your reply: Localhost:
Still Not Working do I missed something? Thank you
MY MODEM SETTINGS IN PORT FORWARDING
Protocol:TCP External start port: 3389 External end port: 3389 Internal start port: 3389 Internal end port: 3389 External source start port: blank External source end port: blank Mapping Name: FTG60B
Internal Host: 192.168.100.3 <-------this is my wan1 interface External Source IP address: xxx.xxx.xxx.xxx (shows by whatismyip)
MY FTG60B WAN1 INTERFACE
IP ADDRESS: 192.168.100.3 <----mapped ip SUBNET: 255.255.255.0 GATEWAY: 192.168.100.1
VIP Settings
Name: MYRDP External Interface: wan1 Type: Static NAT External IP Address/Range: 0.0.0.0 <-- like what you said Mapped IP Address/Range: 192.168.1.111
NAT is disable in my Policy
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Windows Firewall might still be an issue?
Can you post the config of your VIP object and the firwall policy?
#config firewall vip
and
#config firewall policy
Also try and use tcpdump to check if packets are coming in on the Fortigate and going out on the correct interface:
#diagnose sniffer packet any 'port 3389' 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rm_beginner wrote:Thanks to all your reply: Localhost:
Still Not Working do I missed something? Thank you
MY MODEM SETTINGS IN PORT FORWARDING
Protocol:TCP External start port: 3389 External end port: 3389 Internal start port: 3389 Internal end port: 3389 External source start port: blank External source end port: blank Mapping Name: FTG60B
Internal Host: 192.168.100.3 <-------this is my wan1 interface External Source IP address: xxx.xxx.xxx.xxx (shows by whatismyip)
MY FTG60B WAN1 INTERFACE
IP ADDRESS: 192.168.100.3 <----mapped ip SUBNET: 255.255.255.0 GATEWAY: 192.168.100.1
VIP Settings
Name: MYRDP External Interface: wan1 Type: Static NAT External IP Address/Range: 0.0.0.0 <-- like what you said Mapped IP Address/Range: 192.168.1.111
NAT is disable in my Policy
Try to do Port-forward in the VIP with just 3389 in both external and internal port.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Will the ISP not place the ISP modem in bridge mode so the Gate can house the WAN IP? It would simplify your deployment and remove a lot of the pain.
Mike Pruett
Mike Pruett
Fortinet GURU | Fortinet Training Videos
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Software switch witouth loop in fortigate? 56 Views
- Seeking Guidance on Configuring DHCP Relay... 174 Views
- How to avoid Assymetric Routing with... 117 Views
- Device firmware version 135 Views
- Log event when a WAN fails 204 Views
Labels
-
FortiGate
8,442 -
FortiClient
1,708 -
5.2
801 -
FortiManager
708 -
5.4
639 -
FortiAnalyzer
545 -
FortiAP
457 -
FortiSwitch
456 -
6.0
416 -
FortiClient EMS
405 -
5.6
362 -
FortiMail
308 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
215 -
FortiWeb
199 -
5.0
196 -
IPsec
183 -
FortiNAC
175 -
FortiGuard
135 -
6.4
128 -
SD-WAN
109 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
77 -
Wireless Controller
75 -
Firewall policy
70 -
4.0MR3
64 -
FortiProxy
59 -
FortiADC
53 -
Fortivoice
52 -
High Availability
51 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiSandbox
43 -
FortiExtender
43 -
FortiDNS
42 -
Routing
39 -
DNS
39 -
BGP
38 -
LDAP
38 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
33 -
Certificate
32 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
26 -
FortiWAN
25 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
VDOM
24 -
Logging
24 -
Web profile
23 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
19 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
FortiMonitor
18 -
SSL SSH inspection
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
IP address management - IPAM
14 -
FortiSOAR
13 -
SSID
13 -
Static route
13 -
System settings
13 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Traffic shaping policy
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Traffic shaping profile
5 -
Email filter profile
5 -
Web rating
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Service
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1647 | |
| 1070 | |
| 751 | |
| 443 | |
| 214 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.