Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nuur
New Contributor

Created on ‎09-27-2023 01:17 PM

Port forward to RDP

Hello all,

 

Basicly I installed Forticlient-VM and Windows Server 2022 on Hyper-V.

Everything seems to work Ok except port forward.

This is how I set up th VIPSchermafbeelding 2023-09-27 215844.png

Interface = any (also tried WAN)
Type = Static NAT
External IP address/range = WAN 192.168.1.253 (Also tried 0.0.0.0)
Map to IPv4 address/range = Server ip 192.168.5.10 - LAN network
Port Forwarding = ON
Protocol = TCP
Port Mapping Type = One to one
External service port = 3389
Map to IPv4 port = 3389

I have also created firewall policy

Schermafbeelding 2023-09-27 220844.png

Can any help me with any kind of a solut

 

 

Labels:
2619
0 Kudos
25 REPLIES 25
Nuur
New Contributor
In response to hbac

Created on ‎09-30-2023 10:26 PM

I see no traffic when I use diag commands

479
0 Kudos
dbu
Staff
Staff

Created on ‎09-28-2023 11:15 AM Edited on ‎09-28-2023 11:19 AM

Hi @Nuur ,

 

Here is how it works in my lab:

This is the VIP object we create to translate from external public IP to the internal server's IP address 


tempsnip1.png

 

Here is the firewall policy :

tempsnip2.png

 

Then RDP to the external IP address of the Fortigate configured on port 1

tempsnip3.PNG

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
577
0 Kudos
Nuur
New Contributor
In response to dbu

Created on ‎09-28-2023 11:20 AM

All these settings is also wat I have

 

But are u rdping from the same network?

 

I am connecting from different network

538
0 Kudos
dbu
Staff
Staff
In response to Nuur

Created on ‎09-28-2023 11:55 AM Edited on ‎09-28-2023 12:00 PM

I am connecting from different network  ( changed the External IP for this screenshot only), this is why i need the NAT enabled. 

Configuration itself is pretty basic, the only thing you need to verify is reachability of the RDP server from FGT and yours to FGT. 

Maybe you are hitting the wrong firewall policy. 
Run this commands in order to find out.  

diag debug reset

diag debug flow filter addr 192.168.100.200    >>>> replace with the targed RDP

diag debug console timestamp enable

diag debug flow show iprope enable

diag debug flow show function-name enable

diag debug enable

-Start doing RDP 

diag debug flow trace start 200

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
519
0 Kudos
Nuur
New Contributor

Created on ‎09-30-2023 10:27 PM

I am using a vm Fortigate.

 

Is it possible that you guys are all uising actual Foritgate?

478
0 Kudos
dbu
Staff
Staff
In response to Nuur

Created on ‎10-01-2023 04:25 AM

@Nuur 
I believe it does not matter what platform you are using. 
Btw mine is VM :)

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
467
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.