Xris76
New Contributor

Port Forwarding won't work

Hello,

We have two FortiGate 100D (HA cluster)

v5.0,build0292 (GA Patch 9)

We use Swyx Server in our environment. I installed a dedicated VM - Swyx - Remote Connector Server. We want to use the services for our cellphones when we are out of the office. A cellphone can use Swyx Mobile and make calls over the server. The connector needs 2 ports: 9101 for authentication and 16203 for Remote Connector for Swyx.

So I configured port forwarding on the Fortinet.

Creating 2 Services

One with port 9101 and the other with port 16203. Both are TCP ports.

Creating 2 Addresses

1.

Name: Swyx RC

xxx.xxx.xxx.xxx one public IP, which has a subdomain name (necessary for users)

2.

Name: Swyx RC Server

192.168.xxx.xxx for the private Remote Connector Server address

Both: Interface Any

Creating 2 VIPs

1.

Swyx Remote Connector

Type Static NAT

External IP - Swyx RC (as described above under Addresses)

Mapped IP - the private Remote Connector Server address

Port Forwarding enabled

Protocol TCP

External Service Port - 16203 - 16023

Map To Port - 16203 - 16203

2.

Swyx-Authent

Type Static NAT

External IP - Swyx RC (as described above under Addresses)

Mapped IP - the private Remote Connector Server address

Port Forwarding enabled

Protocol TCP

External Service Port - 9101 - 9101

Map To Port - 9101 - 9101

Created a Policy

Policy Type - Firewall

Policy Subtype - Address

Incoming Interface - wan1

Source Address - Swyx RC (as described above under Addresses)

Outgoing Interface - internal

Destination Address - Swyx RC and Swyx Remote Connector Server I created (as described above under Addresses)

Schedule - always

Service - Swyx Remote Connector and Swyx Authent (as described above under Services)

Action - Accept

Enable NAT

##########

Swyx Mobile won't work. The ports are not open. Tested with a port scanner from outside.

I disabled the NAT option, but it won't work.

Does anybody have an idea what the problem is here? Where is the mistake in my thinking?

Regards and thanks for the help

Xris

3 REPLIES
brycemd
Contributor II

For the destination, put the VIP (or VIP group).

The destination can't be the internal IP address object. (For this scenario you don't need the local IP address object at all.)

Xris76
New Contributor

In my scenario the destination is the VIP already; one is the internal IP and the other is the public IP.

OK, I put the internal object away and disabled NAT; for the source I now use all.

But it won't work.

loic
New Contributor III

The source address is wrong; you need to use the source IP of the users who access the resource, or any if unknown.

The destination address is wrong; you need to use the VIP.

Your VIP needs to be associated with your wan1 interface.

You do not need to enable NAT.

Loïc
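
The advice in the replies above, written out as a FortiOS CLI sketch; this is an added example, not configuration posted by anyone in the thread. The object names, 203.0.113.10 and 192.168.1.50 are placeholder assumptions, and the `#` lines are annotations for the reader.

```fortios
# Custom services for the two TCP ports named in the question
config firewall service custom
    edit "Swyx-RC-16203"
        set protocol TCP/UDP/SCTP
        set tcp-portrange 16203
    next
    edit "Swyx-Auth-9101"
        set protocol TCP/UDP/SCTP
        set tcp-portrange 9101
    next
end
# VIPs bound to wan1; extport and mappedport carry the same port number
# (the question lists "16203 - 16023" for one external range, so compare
# the digits on the unit)
config firewall vip
    edit "Swyx-RC-VIP"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip 192.168.1.50
        set portforward enable
        set protocol tcp
        set extport 16203
        set mappedport 16203
    next
    edit "Swyx-Auth-VIP"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip 192.168.1.50
        set portforward enable
        set protocol tcp
        set extport 9101
        set mappedport 9101
    next
end
# Inbound policy: destination is the VIPs, source is the clients, NAT off
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "Swyx-RC-VIP" "Swyx-Auth-VIP"
        set action accept
        set schedule "always"
        set service "Swyx-RC-16203" "Swyx-Auth-9101"
        set nat disable
    next
end
```

`srcaddr "all"` exposes both ports to any Internet host, so substitute an address object for the client ranges where they are known. Running `diagnose sniffer packet wan1 'tcp port 16203 or tcp port 9101' 4` on the unit shows whether the inbound connection attempts arrive at all.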