Created on 01-11-2007 07:08 AM
Virtual IP:

Name | IP | Service Port | Map to IP | Map to Port |
---|---|---|---|---|
Scheidegg_DMZ_SMTP | wan1/0.0.0.0 | tcp/25 | 10.10.10.2 | tcp/25 |
Scheidegg_DMZ_SSH | wan1/0.0.0.0 | tcp/2224 | 10.10.10.2 | tcp/22 |

Firewall policies: WAN1 -> DMZ (2)

ID | Source | Dest | Schedule | Service | Action | Enable |
---|---|---|---|---|---|---|
8 | all | Scheidegg_DMZ_SSH | always | SSH | ACCEPT | |
10 | all | Scheidegg_DMZ_SMTP | always | SMTP | ACCEPT | |

I have verified that when I actually am in the DMZ, I can access the machine on the ports requested (25 and 22). But from the outside (WAN1), packets don't go through. I have other port forwardings defined from WAN1 to Internal, and they work as expected.

I remember I went through some trouble configuring VPN at the time. I still don't understand why the VPN policy is "inverted" (from internal to WAN1 and not the reverse). Is there some similar weird trick to do with DMZ? Or maybe I am just missing something so obvious?

Thanks,
Laurent
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Created on 01-11-2007 08:28 AM
Created on 01-12-2007 02:49 AM
Created on 01-12-2007 06:55 AM
```
# tcpdump -i eth1 port 22
[snip]
15:13:21.880934 IP dXXX-XXX-XXX-XX.XXX.XXX.XX.29897 > YYYYY.ZZZ.ssh: S 4222539634:4222539634(0) win 65535 <mss 1400,nop,nop,sackOK>
15:13:24.745424 IP XXX-XXX-XXX-XX.XXX.XXX.XX.29897 > YYYYY.ZZZ.ssh: S 4222539634:4222539634(0) win 65535 <mss 1400,nop,nop,sackOK>
... repeats until time out
```

It's weird, because the interface responds fine when I plug my laptop directly into the DMZ and connect via ssh. So what is different when going through the Fortigate's firewall policy?? For a second I thought I had to set up a reverse policy for outgoing traffic, but there's actually one already to let all outgoing traffic pass. I just don't get it.

Laurent
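An added example, not part of the original thread: a small Python check that reads tcpdump text output in the format of the capture above and reports SYNs that are retransmitted with the same sequence number and never answered by a SYN-ACK from the destination. The sample lines and addresses are constructed, and `unanswered_syns` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Matches the older tcpdump text format seen in the capture above:
#   <time> IP <src.port> > <dst.port>: <flags> <seq>:<seq>(<len>) ...
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>\S+) (?P<seq>\d+):\d+\(\d+\)(?P<rest>.*)$"
)

def unanswered_syns(lines):
    """Return {(src, dst, seq): syn_count} for SYNs the destination never answered."""
    syns = defaultdict(int)
    answered = set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m or "S" not in m["flags"]:
            continue  # not a parsable line, or not a SYN / SYN-ACK
        if " ack " in m["rest"]:
            # SYN-ACK: it answers the flow in the opposite direction.
            answered.add((m["dst"], m["src"]))
        else:
            # Plain SYN; a repeated sequence number means a retransmission.
            syns[(m["src"], m["dst"], m["seq"])] += 1
    return {k: n for k, n in syns.items() if (k[0], k[1]) not in answered}

# Constructed sample: one flow retried without a reply, one flow answered.
SAMPLE = """\
15:13:21.880934 IP 198.51.100.7.29897 > 10.10.10.2.22: S 4222539634:4222539634(0) win 65535 <mss 1400,nop,nop,sackOK>
15:13:24.745424 IP 198.51.100.7.29897 > 10.10.10.2.22: S 4222539634:4222539634(0) win 65535 <mss 1400,nop,nop,sackOK>
15:14:02.100000 IP 10.10.10.50.40000 > 10.10.10.2.22: S 1000:1000(0) win 65535 <mss 1460>
15:14:02.100300 IP 10.10.10.2.22 > 10.10.10.50.40000: S 9000:9000(0) ack 1001 win 5840 <mss 1460>
""".splitlines()

if __name__ == "__main__":
    for (src, dst, seq), count in unanswered_syns(SAMPLE).items():
        print(f"{src} -> {dst}: {count} SYN(s) with seq {seq}, no SYN-ACK seen")
```

SYNs that reach the capture interface but draw no SYN-ACK show that the request arrived at that point and the reply is what is missing from the capture.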
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Created on 01-12-2007 08:44 AM
Copyright 2024 Fortinet, Inc. All Rights Reserved.