Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TimeCop79
New Contributor II

Port forwarding issue with two different ports

Hi

I have configured port forwarding on my FGT 60D to allow RDP access to 2 computers with the IP addresses 192.168.1.10 and .20, and the source ports 3389 and 3390. I created the virtual IPs for each and the policy. For the address 192.168.1.10/3389, RDP works perfectly, but for 192.168.1.20/3390, it doesn't work. The computers are connected through a router with a private address of 10.0.16.62. I even tried modifying the VIP of the address 192.168.1.10 with port 3390, but it still doesn't work. Thank you for helping me.

13 REPLIES 13
ozkanaltas
Valued Contributor III

Hello @TimeCop79 ,

 

Could you share vip configuration with us? 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
TimeCop79

IMG_20240316_122245.jpg

this the first VIP that works fine, the second VIP is same but with 192.168.1.20 as mapped ip and 3390 as external service port

ozkanaltas
Valued Contributor III

Hello @TimeCop79 ,

 

I see that, you use private ip as a external ip. Did you do nat configuration on isp router for 3390. In this scenerio need to this. Also you can sniff the traffic for 3390. If you cant see any traffic. You need to look your isp router.

 

diagnose sniff packet any "port 3390" 4 0

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
TimeCop79

1-for the 3389 it works, but for the 3390 no packet received with diagnose command,

2-for any other port than 3389 a i have to do nat on isp?

 

ozkanaltas
Valued Contributor III

Hello @TimeCop79 ,

 

In my opinion, you need to check your router configuration. I think your router does not allow 3390 traffic. 

 

Yes, you can configure nat on your ISP router for 3390. 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
TimeCop79

its small huwaei 4g isp (b311) , can't find nat settings

ozkanaltas
Valued Contributor III

Hello @TimeCop79 ,

 

If your isp does not use customized firmware on your router you can review these documents about nat. 

 

https://consumer.huawei.com/en/support/content/en-us15807087/

 

https://consumer.huawei.com/en/support/content/en-us15806329/

 

If your isp uses customized firmware, you can contact with them for this issue. 

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
TimeCop79

could i resolve the problem with port mapping on isp ?

ozkanaltas
Valued Contributor III

They should help with this matter. Or they should say, we are not allowed this. Because some ISPs don't allow this nat operation.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors