Good afternoon. I am not a networking guru, so I hope I ask these questions in the correct manner. I have a port that I want open and forwarding to a specific client machine. I have gone through and done the VIP, VIP Group and entered the policy. Everything seems good according to what I read in the cookbook. Running v4.0 MR3 Patch 12.
When I do an external port test, I get a time out error, and that the port is not available. Subscriptions are not up to date. Am I missing something to open this specific port? Let's say it is port 4080. Is there a specific area in the panel that I need to specifically open that port before port forwarding will even work, or is the setup of port forwarding essentially opening that port?
I just know there is also the Services\Custom set up, and I have done nothing in that area...
Help is deeply appreciated.
hi,
If you've set up the VIP correctly and use it in a policy 'wan' -> 'internal' it should just work. If you post your config ('config firewall vip' and 'config firewall policy', only the relevant parts) I'll check it for you.
Having no subscription is a pity as the AV signatures will be not old but ancient. But that won't prevent the firewalling from working.
One thing, though hard to do without a current contract: upgrade from v4.3.12 to the latest v4.3.18. v4.3 is very mature and stable in the latest patches, not sure which quirks patch 12 had. Just in case you've got access to the firmware.
thegreatwhay wrote:
When I do an external port test, I get a time out error, and that the port is not available.
What type of external test are you performing, if I may ask? For example, if the port forward is for HTTP, then only HTTP will work. A PING test will always fail. Also, in the policy, the service needs to be the native service for the server's IP port, not the presented external VIP port. (80 in my prior example, not 4080)
Hope that all helps
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
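The point in the reply above about the policy service, written out as an added example that is not part of the original posts or anyone's actual configuration. It uses the reply's case of external port 4080 presented for a server listening on port 80; the interface names, addresses, object name and policy ID are all constructed assumptions.

```fortios
# Constructed example: 203.0.113.10 (external) and 192.168.1.50 (server)
# are placeholder addresses; "wan1" and "internal" are assumed interface names.
config firewall vip
    edit "vip-web-4080"
        set extip 203.0.113.10
        set extintf "wan1"
        set portforward enable
        set protocol tcp
        # Port that outside clients connect to
        set extport 4080
        set mappedip 192.168.1.50
        # Port the internal server actually listens on
        set mappedport 80
    next
end

config firewall policy
    # Policy ID 10 is an assumption; use any free ID
    edit 10
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        # The destination is the VIP object, not the server's address object
        set dstaddr "vip-web-4080"
        set action accept
        set schedule "always"
        # Service matches the server's native port (80 = HTTP), not a
        # custom service for the external port 4080. Keep this to the one
        # service the server needs rather than "ANY".
        set service "HTTP"
    next
end
```

With this in place the external test has to be a TCP connection to port 4080. Running `diagnose sniffer packet wan1 'tcp port 4080' 4` on the unit during the test shows whether the traffic reaches the WAN interface at all.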
@rwpatterson,
Is there something I can do on my end as well to 'close a post'? I failed to click the "answered" and "Helpful" icons, which I have done now.
@sophia, I have not read all of the posts that were directed to you, but certainly be sure your "non-fortigate" hardware is set up correctly as well.
Thanks all.
[yeah, that's why thread hijacking is not a good idea. OP has found his solution but second thread is still on. Better repost on a thread of your own - to get more attention.]