A CCTV company is attempting to gain access to their equipment on port 10000 on a public IP on site; however, they are telling me port 10000 is blocked.
I have an allow any-any policy with no services specified on the FortiGate, so it should be passing through. It does work on port 554, however, and I can telnet on port 554 from the FortiGate, which shows as open, but not on 10000, and the CCTV company have informed me their device is 100% listening on port 10000 etc.
When I ran a debug I got the below:

Elite_Brenntag_Lutte~4JA # execute telnet 126.96.36.199 10000
Trying 188.8.131.52...
id=65308 trace_id=1 func=print_pkt_detail line=5868 msg="vd-root:1 received a packet(proto=6, 184.108.40.206:18559->220.127.116.11:10000) tun_id=0.0.0.0 from local. flag [S], seq 168818775, ack 0, win 65535"
id=65308 trace_id=1 func=init_ip_session_common line=6049 msg="allocate a new session-017937de, tun_id=0.0.0.0"
id=65308 trace_id=2 func=print_pkt_detail line=5868 msg="vd-root:1 received a packet(proto=6, 18.104.22.168:10000->22.214.171.124:18559) tun_id=0.0.0.0 from lan. flag [R.], seq 0, ack 168818776, win 0"
id=65308 trace_id=2 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-017937de, reply direction"
id=65308 trace_id=2 func=vf_ip_route_input_common line=2605 msg="find a route: flag=84000000 gw-126.96.36.199 via root"
Failed to connect to specified unit.
I would recommend checking the device 188.8.131.52 or (if applicable) another firewall between the FortiGate and 184.108.40.206, which is sending RST ACK instead of SYN ACK. The FortiGate should receive flag [S.] from 220.127.116.11 instead of [R.] (debug flow).
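To make the check in the answer above repeatable, here is an added example (not from the thread and not Fortinet code) that parses the debug flow lines posted in the question, correlates the two trace_ids through the session id, and reports whether the reply to the client's SYN was a SYN-ACK, an RST, or nothing at all. The regexes are written against the message formats visible in the post; the "Denied by" match is an assumption about the policy-denial message FortiGate prints in debug flow, and the IP addresses are reproduced as they appear in the post, which is why sessions are correlated by session id rather than by 5-tuple.

```python
import re
from dataclasses import dataclass, field

# Debug flow lines copied from the post above, embedded as sample input.
SAMPLE_TRACE = """\
id=65308 trace_id=1 func=print_pkt_detail line=5868 msg="vd-root:1 received a packet(proto=6, 184.108.40.206:18559->220.127.116.11:10000) tun_id=0.0.0.0 from local. flag [S], seq 168818775, ack 0, win 65535"
id=65308 trace_id=1 func=init_ip_session_common line=6049 msg="allocate a new session-017937de, tun_id=0.0.0.0"
id=65308 trace_id=2 func=print_pkt_detail line=5868 msg="vd-root:1 received a packet(proto=6, 18.104.22.168:10000->22.214.171.124:18559) tun_id=0.0.0.0 from lan. flag [R.], seq 0, ack 168818776, win 0"
id=65308 trace_id=2 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-017937de, reply direction"
id=65308 trace_id=2 func=vf_ip_route_input_common line=2605 msg="find a route: flag=84000000 gw-126.96.36.199 via root"
"""

# Message formats taken from the lines above. Flags use tcpdump notation:
# S = SYN, . = ACK, R = RST, so "S." is SYN-ACK and "R." is RST-ACK.
PKT_RE = re.compile(
    r'trace_id=(?P<trace>\d+) .*received a packet\(proto=(?P<proto>\d+), '
    r'(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)\).*'
    r'from (?P<iface>\S+)\. flag \[(?P<flags>[^\]]*)\]')
NEW_SESS_RE = re.compile(r'trace_id=(?P<trace>\d+) .*allocate a new session-(?P<sid>[0-9a-f]+)')
OLD_SESS_RE = re.compile(r'trace_id=(?P<trace>\d+) .*Find an existing session, id-(?P<sid>[0-9a-f]+), (?P<dir>\w+) direction')
# Assumption: a policy drop shows up as a "Denied by ..." message for the trace.
DENY_RE = re.compile(r'trace_id=(?P<trace>\d+) .*Denied by')

@dataclass
class Packet:
    trace_id: str
    src: str
    sport: int
    dst: str
    dport: int
    iface: str
    flags: str
    direction: str = "original"   # "reply" once the session lookup line says so

@dataclass
class Session:
    session_id: str
    packets: list = field(default_factory=list)
    denied: bool = False

def parse_debug_flow(text):
    """Group the per-trace packet lines into sessions keyed by session id."""
    packets, trace_to_sid, directions, denied = {}, {}, {}, set()
    for line in text.splitlines():
        if m := PKT_RE.search(line):
            packets[m["trace"]] = Packet(m["trace"], m["src"], int(m["sport"]), m["dst"],
                                         int(m["dport"]), m["iface"], m["flags"])
        elif m := NEW_SESS_RE.search(line):
            trace_to_sid[m["trace"]] = m["sid"]
        elif m := OLD_SESS_RE.search(line):
            trace_to_sid[m["trace"]] = m["sid"]
            directions[m["trace"]] = m["dir"]
        elif m := DENY_RE.search(line):
            denied.add(m["trace"])
    sessions = {}
    for trace, pkt in packets.items():
        sid = trace_to_sid.get(trace, f"trace-{trace}")   # fall back if no session line
        pkt.direction = directions.get(trace, "original")
        sess = sessions.setdefault(sid, Session(sid))
        sess.packets.append(pkt)
        sess.denied = sess.denied or trace in denied
    return sessions

def diagnose(session):
    """Classify what came back for the session's initial SYN."""
    syn = next((p for p in session.packets if p.flags == "S"), None)
    if syn is None:
        return "no-syn"
    if session.denied:
        return "denied-by-policy"
    # A reply is either marked "reply direction" or sourced from the port we dialled.
    replies = [p for p in session.packets if p.direction == "reply" or p.sport == syn.dport]
    if not replies:
        return "no-reply"
    for p in replies:
        if p.flags == "S.":
            return "syn-ack"
        if "R" in p.flags:
            return "rst"
    return "other"

EXPLANATION = {
    "syn-ack": "listener answered: the port is open at layer 4",
    "rst": "the SYN was forwarded and something on the far side refused it; not a FortiGate policy drop",
    "no-reply": "no answer seen: check for a policy drop on the FortiGate or a silent drop beyond it",
    "denied-by-policy": "the FortiGate itself dropped the SYN",
}

def report(text):
    return {sid: diagnose(s) for sid, s in parse_debug_flow(text).items()}

if __name__ == "__main__":
    for sid, verdict in report(SAMPLE_TRACE).items():
        print(f"session {sid}: {verdict} ({EXPLANATION.get(verdict, 'inspect manually')})")
```

Run against the posted trace it reports the session as `rst`, which is the answer's point: the FortiGate passed the SYN out of the lan interface and an RST-ACK came straight back, so the policy is not what is blocking port 10000. The same script can be fed a longer `diagnose debug flow` capture with several sessions and will classify each one separately.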