Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nuur
New Contributor

Created on ‎09-27-2023 01:17 PM

Port forward to RDP

Hello all,

 

Basicly I installed Forticlient-VM and Windows Server 2022 on Hyper-V.

Everything seems to work Ok except port forward.

This is how I set up th VIPSchermafbeelding 2023-09-27 215844.png

Interface = any (also tried WAN)
Type = Static NAT
External IP address/range = WAN 192.168.1.253 (Also tried 0.0.0.0)
Map to IPv4 address/range = Server ip 192.168.5.10 - LAN network
Port Forwarding = ON
Protocol = TCP
Port Mapping Type = One to one
External service port = 3389
Map to IPv4 port = 3389

I have also created firewall policy

Schermafbeelding 2023-09-27 220844.png

Can any help me with any kind of a solut

 

 

Labels:
2634
0 Kudos
25 REPLIES 25
mle2802
Staff
Staff
In response to Nuur

Created on ‎09-28-2023 11:13 AM

Hi @Nuur,

This look like FortiGate is behind a NAT device. You said you are connecting from outside, what is the IP you use for connection? Is it a public IP from ISP?

873
0 Kudos
Nuur
New Contributor
In response to mle2802

Created on ‎09-28-2023 11:19 AM

Hi @mle2802 

I am Connecting from the ISP Public Ip

868
0 Kudos
mle2802
Staff
Staff
In response to Nuur

Created on ‎09-28-2023 11:22 AM

Hi @Nuur,
From ISP router, is there port forwarding rule from ISP public IP on port 3389 to 192.168.1.253?

864
0 Kudos
Nuur
New Contributor
In response to mle2802

Created on ‎09-28-2023 11:28 AM

Hi @mle2802 

I didn't configure port forward from ISP router...

 

I will do that and let you know

 

Thnx

859
0 Kudos
mle2802
Staff
Staff
In response to Nuur

Created on ‎09-28-2023 11:30 AM

Hi @Nuur,
Because you are behind a NAT device so traffic cannot route to FortiGate for the VIP. ISP router must be forward traffic to FortiGate and then VIP will be kick in.

857
0 Kudos
Nuur
New Contributor
In response to mle2802

Created on ‎09-28-2023 12:00 PM

Hi @mle2802 ,

 

This is how i configured my isp router

Schermafbeelding 2023-09-28 205645.png

The originating ip is the one I am using to reach the rdp.

Which is my hotspot connected 

 

But it doesnt seem to work

850
0 Kudos
mle2802
Staff
Staff
In response to Nuur

Created on ‎09-28-2023 12:17 PM

Hi @Nuur,

Can you initiate the rdp and run the following command on fortigate and see if VIP is kick in correctly. Also make sure to bind wan interface to your VIP:

diag debug reset
diag debug flow filter addr 192.168.1.253
diag debug flow filter port 3389
diag debug flow show ip en
diag debug flow show func en
diag debug console time ena
diag debug ena
diag debug flow trace start 999



838
0 Kudos
Nuur
New Contributor
In response to mle2802

Created on ‎09-28-2023 01:20 PM

Unfortunatley the command only reacts when I rdp the server from WAN 192.168.1. or LAN 192.168.5.

 

If I do it from different network no reaction from the diag commands.

 

Is there anything I should configure in the static routing or something else?

830
0 Kudos
mle2802
Staff
Staff
In response to Nuur

Created on ‎09-28-2023 01:23 PM

Hi @Nuur,
If you run the command and did not get any debug when RDP from outside of the network mean that your port forwarding from ISP router is not working, we did not receive any traffic from them so I would suggest to troubleshoot with them.

827
hbac
Staff
Staff
In response to Nuur

Created on ‎09-29-2023 06:46 AM

Hi @Nuur

 

Please collect information requested by msanjaypadma. We need those information to resolve this issue. 

 

Regards,

784
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.