Hi All,
CCTV Company is attempting to gain access to their equipment on port 10000 on a public IP on site, however they are telling me port 10000 is blocked.
I have an allow any any with no services specified on the Fortigate so it should be passing through. It does work on port 554 however, and I can telnet on port 554 from the Fortigate which shows as open, but not on 10000, and the CCTV company have informed me their device is 100% listening on port 10000 etc.
When I ran a debug I got the below:
Elite_Brenntag_Lutte~4JA # execute telnet 88.202.173.10 10000
Trying 88.202.173.10...
id=65308 trace_id=1 func=print_pkt_detail line=5868 msg="vd-root:1 received a packet(proto=6, 88.202.173.9:18559->88.202.173.10:10000) tun_id=0.0.0.0 from local. flag [S], seq 168818775, ack 0, win 65535"
id=65308 trace_id=1 func=init_ip_session_common line=6049 msg="allocate a new session-017937de, tun_id=0.0.0.0"
id=65308 trace_id=2 func=print_pkt_detail line=5868 msg="vd-root:1 received a packet(proto=6, 88.202.173.10:10000->88.202.173.9:18559) tun_id=0.0.0.0 from lan. flag [R.], seq 0, ack 168818776, win 0"
id=65308 trace_id=2 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-017937de, reply direction"
id=65308 trace_id=2 func=vf_ip_route_input_common line=2605 msg="find a route: flag=84000000 gw-88.202.173.9 via root"
Failed to connect to specified unit.
Any ideas or suggestions please?
Thanks,
Rich
Hello Rich,
Based on the provided debug flow I can see that the device is sending a RESET packet instead of a SYN ACK packet.
id=65308 trace_id=2 func=print_pkt_detail line=5868 msg="vd-root:1 received a packet(proto=6, 88.202.173.10:10000->88.202.173.9:18559) tun_id=0.0.0.0 from lan. flag [R.], seq 0, ack 168818776, win 0"
Hello,
That's brilliant thanks for the quick reply.
Assuming therefore it has to be an issue on the device sitting on 88.202.173.10?
Thanks,
Created on 08-21-2023 08:19 AM Edited on 08-21-2023 08:28 AM
Hello Rich,
I would recommend checking the device 88.202.173.10 or (if applicable) another firewall between the FortiGate and 88.202.173.10 which is sending RST ACK instead of SYN ACK. The FortiGate should receive flag [S.] from 88.202.173.10 instead of [R.] (debug flow).
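The two replies above read the same thing from the debug flow: the SYN left the FortiGate ([S] from local), and what came back from the LAN side was an RST-ACK ([R.]) rather than a SYN-ACK ([S.]), so the policy did forward the packet and the rejection comes from the device or something in front of it. The following script is an added example, not Fortinet code and not part of this thread, that parses `diagnose debug flow` output of the kind quoted in the question and classifies the handshake outcome so the same conclusion can be reached mechanically. The sample log text is constructed after the lines in the post (same addresses, ports and flags), the second sample shows what a listening port looks like, and the function names `parse_packets` and `classify_handshake` are this example's own.

```python
import re

# Constructed sample of FortiGate "diagnose debug flow" output. The lines are modelled on
# the packet/session lines quoted in the question (same addresses, ports and flags);
# they were not captured from a live device for this example.
SAMPLE_DEBUG_FLOW = """\
id=65308 trace_id=1 func=print_pkt_detail line=5868 msg="vd-root:1 received a packet(proto=6, 88.202.173.9:18559->88.202.173.10:10000) tun_id=0.0.0.0 from local. flag [S], seq 168818775, ack 0, win 65535"
id=65308 trace_id=1 func=init_ip_session_common line=6049 msg="allocate a new session-017937de, tun_id=0.0.0.0"
id=65308 trace_id=2 func=print_pkt_detail line=5868 msg="vd-root:1 received a packet(proto=6, 88.202.173.10:10000->88.202.173.9:18559) tun_id=0.0.0.0 from lan. flag [R.], seq 0, ack 168818776, win 0"
"""

# Constructed variant showing a healthy handshake on the port that does work (flag [S.] coming back).
SAMPLE_OPEN_PORT = """\
id=65308 trace_id=3 func=print_pkt_detail line=5868 msg="vd-root:1 received a packet(proto=6, 88.202.173.9:18560->88.202.173.10:554) tun_id=0.0.0.0 from local. flag [S], seq 1, ack 0, win 65535"
id=65308 trace_id=4 func=print_pkt_detail line=5868 msg="vd-root:1 received a packet(proto=6, 88.202.173.10:554->88.202.173.9:18560) tun_id=0.0.0.0 from lan. flag [S.], seq 0, ack 2, win 65535"
"""

# Only the print_pkt_detail lines carry the 5-tuple and the TCP flags; the regex pulls them out.
PKT_RE = re.compile(
    r'received a packet\(proto=(?P<proto>\d+), '
    r'(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)\)'
    r'.*? from (?P<iface>[\w-]+)\. flag \[(?P<flags>[^\]]*)\]'
)


def parse_packets(debug_text):
    """Return one dict per packet line: proto, src, sport, dst, dport, iface, flags."""
    packets = []
    for line in debug_text.splitlines():
        m = PKT_RE.search(line)
        if not m:
            continue  # session-allocation, routing and other non-packet lines are skipped
        pkt = m.groupdict()
        for key in ("proto", "sport", "dport"):
            pkt[key] = int(pkt[key])
        packets.append(pkt)
    return packets


def classify_handshake(packets, dst, dport):
    """Judge the outcome of a TCP connect attempt to dst:dport from the parsed packets.

    FortiGate prints TCP flags tcpdump-style: S = SYN, R = RST, '.' = ACK, so
    [S] is the SYN we sent, [S.] is SYN-ACK and [R.] is RST-ACK.
      'open'     - SYN-ACK came back: the port is listening and reachable.
      'refused'  - RST came back: the SYN reached a host (or an intermediate device)
                   that actively rejects connections on this port; the firewall policy
                   did forward the packet, so look at the end device or anything
                   between it and the FortiGate.
      'no-reply' - SYN went out, nothing came back: silently dropped or filtered.
      'no-syn'   - no SYN to dst:dport was seen, so the packet never left; the
                   problem is on the FortiGate side (policy, route, NAT).
    """
    syn_seen = False
    for p in packets:
        if p["proto"] != 6:  # TCP only
            continue
        if p["dst"] == dst and p["dport"] == dport and p["flags"] == "S":
            syn_seen = True
            continue
        if syn_seen and p["src"] == dst and p["sport"] == dport:
            if "R" in p["flags"]:
                return "refused"
            if p["flags"] == "S.":
                return "open"
    return "no-reply" if syn_seen else "no-syn"


if __name__ == "__main__":
    pkts = parse_packets(SAMPLE_DEBUG_FLOW)
    print(classify_handshake(pkts, "88.202.173.10", 10000))  # refused
    print(classify_handshake(parse_packets(SAMPLE_OPEN_PORT), "88.202.173.10", 554))  # open
```

Run it against the pasted output of `diagnose debug flow` (after filtering on the destination address and port) to get one of the four verdicts; 'refused' is the case in this thread, and it is the one where the FortiGate policy is not the culprit, while 'no-syn' or 'no-reply' would point back at the firewall or the path.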
Can you put this in "I eat crayons" terms?
Are you saying the Fortinet is having issues resolving sync with the Modem from ISP?
Or Sync with Network device ie, cameras?