Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
net_numpty
New Contributor

Port Forwarding - odd behaviour

Hi Brains Trust, 

 

I have been working on this for hours and have tried all sorts of combinations of configuration to no avail.

 

I have a Fortigate 30D running 5.4.4 and I want to port forward 80 and 443 to my internal web server. I have other port forwards working to other servers successfully. I have configured port 80 in the same manner and I cannot access the web server externally. 

 

As a test I have set up a listener on the web server to port 81 and configured the firewall to forward port 81. It Works! I set it back to port 80, it doesn't work.

 

What am I missing?

6 REPLIES 6
lobstercreed
Valued Contributor

A couple possibilities come to mind, but the basic premise is this: something else is listening on port 80.  Either another VIP object or possibly if you have HTTP set to automatically redirect to HTTPS and have HTTPS listening on your WAN interface, and that is the same IP you're trying to forward?

live89

I agree with Daniel. start from there.

If still nothing, follow this article:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD45731

 

Thanks

Thanks
net_numpty

Thanks for your reply. 

 

You're both right, that is the most logical explanation, I just can't work out what would be using port 80. Thanks for the KB article, I'll have a look at it now.

Dave_Hall
Honored Contributor

Keep in mind that by default the fgt will listen on port 80, 443 for admin access regardless on which interface you use to connect to to it.  If you want to set up port forwarding to those ports from outside (WAN), you need to change the admin access ports to something else.  eg.

 

config system global set admin-sport 8443 set admin-port 8080 end

Edit: funny how refreshing the forum post doesn't show all of the past follow ups in the thread.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
net_numpty

Thanks for the reply. That's what I'm thinking but I can't work out what it would be. I have change the default admin port numbers for HTTP and HTTPS but remote access is disabled. No other VIPs are using port 80. SSH and FTP works to the same server, just not HTTP. 

 

As a test I changed the VIP and redirected port 8080 externally to port 80 internally and it works. I also change the admin HTTP port to port 8080 as well just to see if that's what is causing the issue. Still works, I can hit the web server. This is doing my head in. It should be something simple. 

net_numpty
New Contributor

Thanks again for your replies. 

 

The problem seems to have gone away. The only thing that I changed was changing the Central Management from FortiCloud to None. However, changing it back to FortiCloud it still works.

 

I think something must have got bound by a gremlin that has since cleared. 

 

I appreciate your prompt responses to my query.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors