Hi Brains Trust,
I have been working on this for hours and have tried all sorts of combinations of configuration to no avail.
I have a Fortigate 30D running 5.4.4 and I want to port forward 80 and 443 to my internal web server. I have other port forwards working to other servers successfully. I have configured port 80 in the same manner and I cannot access the web server externally.
As a test I have set up a listener on the web server on port 81 and configured the firewall to forward port 81. It works! I set it back to port 80, it doesn't work.
What am I missing?
A couple possibilities come to mind, but the basic premise is this: something else is listening on port 80. Either another VIP object or possibly if you have HTTP set to automatically redirect to HTTPS and have HTTPS listening on your WAN interface, and that is the same IP you're trying to forward?
I agree with Daniel. Start from there.
If still nothing, follow this article:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD45731
Thanks
Thanks for your reply.
You're both right, that is the most logical explanation, I just can't work out what would be using port 80. Thanks for the KB article, I'll have a look at it now.
Keep in mind that by default the fgt will listen on ports 80 and 443 for admin access regardless of which interface you use to connect to it. If you want to set up port forwarding to those ports from outside (WAN), you need to change the admin access ports to something else, e.g.

    config system global
        set admin-sport 8443
        set admin-port 8080
    end
Edit: funny how refreshing the forum post doesn't show all of the past follow ups in the thread.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
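Added example (not part of the thread and not Fortinet tooling): a Python check for the condition the post above describes, a VIP external port overlapping the admin GUI ports, with unset admin ports treated as the defaults 80 and 443. The sample config and the function names are constructed for illustration; an overlap is reported as a potential conflict only, since per-interface admin access settings are not considered.

```python
import re

# Constructed sample in FortiOS CLI style (not taken from the thread).
SAMPLE_CONFIG = """\
config system global
    set admin-sport 8443
end
config firewall vip
    edit "web-http"
        set extport 80
        set mappedport 80
    next
    edit "web-https"
        set extport 443-444
        set mappedport 443-444
    next
end
"""

ADMIN_DEFAULTS = {"admin-port": 80, "admin-sport": 443}  # HTTP / HTTPS GUI defaults

def admin_ports(config):
    """Return the effective admin ports; unset keys keep their defaults."""
    ports = dict(ADMIN_DEFAULTS)
    for key, value in re.findall(r"^\s*set (admin-s?port) (\d+)\s*$", config, re.M):
        ports[key] = int(value)
    return ports

def vip_extports(config):
    """Map each VIP name to the range of external ports it forwards."""
    vips, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["edit"]:
            name = words[1].strip('"')
        elif words[:2] == ["set", "extport"] and name:
            low, _, high = words[2].partition("-")  # "443-444" or plain "80"
            vips[name] = range(int(low), int(high or low) + 1)
    return vips

def find_conflicts(config):
    """List (vip, admin_key, port) where a VIP claims an admin port."""
    admin = admin_ports(config)
    return [(vip, key, port)
            for vip, ports in vip_extports(config).items()
            for key, port in admin.items() if port in ports]

if __name__ == "__main__":
    for vip, key, port in find_conflicts(SAMPLE_CONFIG):
        print(f"VIP {vip!r} extport overlaps {key} ({port})")
```

On the constructed sample only `admin-sport` has been moved, so the check reports the `web-http` VIP against the default `admin-port` 80.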
Thanks for the reply. That's what I'm thinking but I can't work out what it would be. I have changed the default admin port numbers for HTTP and HTTPS but remote access is disabled. No other VIPs are using port 80. SSH and FTP work to the same server, just not HTTP.
As a test I changed the VIP and redirected port 8080 externally to port 80 internally and it works. I also changed the admin HTTP port to port 8080 as well just to see if that's what is causing the issue. Still works, I can hit the web server. This is doing my head in. It should be something simple.
Thanks again for your replies.
The problem seems to have gone away. The only thing that I changed was changing the Central Management from FortiCloud to None. However, changing it back to FortiCloud it still works.
I think something must have got bound by a gremlin that has since cleared.
I appreciate your prompt responses to my query.