Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ATOON
New Contributor III

Created on ‎04-05-2024 11:15 AM

Request for Site Access via Specific Port

Hi,

 

Assistance with a network configuration. We have two internet modems in our current setup:

 

1. A fiber connection linked to the Forti WAN port.
2. A DIA with a static IP connected to Forti port number 4.

 

The internet is functioning correctly from the WAN port, now we need the user login to specified sites accessed exclusively through port number 4.

 

Modem: FortiWiFi 30E

Firmware: v6.2.15 build1378 (GA)

fori.jpg

Labels:
3539
0 Kudos
3 Solutions
Toshi_Esumi
SuperUser
SuperUser
In response to ATOON

Created on ‎04-05-2024 07:28 PM

So far looks fine. Can you ping "fast.com"? Since I can ping it from my 40F, you should be able to. If not, try traceroute.

fg40f-utm (root) # exe ping fast.com
PING fast.com (23.5.241.75): 56 data bytes
64 bytes from 23.5.241.75: icmp_seq=0 ttl=55 time=19.7 ms
64 bytes from 23.5.241.75: icmp_seq=1 ttl=55 time=19.6 ms
64 bytes from 23.5.241.75: icmp_seq=2 ttl=55 time=19.6 ms
64 bytes from 23.5.241.75: icmp_seq=3 ttl=55 time=19.6 ms
64 bytes from 23.5.241.75: icmp_seq=4 ttl=55 time=19.6 ms

--- fast.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 19.6/19.6/19.7 ms

fg40f-utm (root) # exe traceroute fast.com
traceroute to fast.com (23.5.241.75), 32 hops max, 3 probe packets per hop, 84 byte packets
1 63.231.10.70 <tukw-dsl-gw70.tukw.qwest.net> 1.366 ms 1.881 ms 1.909 ms
2 63.226.198.41 <63-226-198-41.tukw.qwest.net> 2.014 ms 1.898 ms 1.900 ms
3 * * *
4 4.69.219.65 <ae2.3605.edge9.sanjose1.level3.net> 18.981 ms * *
5 4.14.32.70 <citigroup-i.bar2.sanfrancisco1.level3.net> 200.976 ms 124.634 ms 203.926 ms
6 * * *
7 * * *
8 23.5.241.75 <fast.com> 19.540 ms 19.830 ms 19.459 ms

 

Toshi

View solution in original post

3084
0 Kudos
AEK
SuperUser
SuperUser
In response to ATOON

Created on ‎04-06-2024 12:57 PM Edited on ‎04-06-2024 12:58 PM

In step 4 (firewall policy), destination should be All.

Then go to SD-WAN rules, and add the following rule:

  • source: all
  • destination: site1.com, site2.com
  • strategy: manual
  • interface preference: port4

Then add another SD-WAN rule "below" of the previous one:

  • source: all
  • destination: all
  • strategy: manual
  • interface preference: WAN

That will make things exactly in the way you requested.

AEK

View solution in original post

AEK
3009
0 Kudos
ATOON
New Contributor III
In response to AEK

Created on ‎04-08-2024 11:38 AM

I found two cloud servers not running. All servers are now working fine.

View solution in original post

2897
0 Kudos
32 REPLIES 32
ATOON
New Contributor III
In response to AEK

Created on ‎04-08-2024 09:08 AM

I tried DNS provided by the service provider, Google Public DNS, and OpenDNS but the same issue can't resolve the wildcard.

You can suggest DNS to try it?

367
0 Kudos
AEK
SuperUser
SuperUser
In response to ATOON

Created on ‎04-08-2024 10:42 AM

Using Google DNS or OpenDNS is fine. If you want wildcard to work you need to disable DNS over SSL/HTTPS in your browser.

AEK
AEK
362
0 Kudos
ATOON
New Contributor III
In response to AEK

Created on ‎04-08-2024 11:38 AM

I found two cloud servers not running. All servers are now working fine.

2898
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.