Hello All,
I am hoping someone can help me out here. I have a FortiGuard D-200 firewall and for some reason I can't get my firewall to let ports 443 and 5061 pass through. I have it configured in the IPv4 policy to let traffic coming from WAN1 go to Port 1 and forward traffic to VIP 209.x.x.108 --> 10.x.x.62. I have the service set as 5061 and 443 first, but it still will not allow traffic to IP 10.x.x.62. I also tried to let all ports through to VIP 209.x.x.108 --> 10.x.x.62, but when going to the Remote connection Analyzer from Microsoft it says that there are still issues with port 5061 to lyncdiscoverinternal.<domain>.com. The DNS for lyncdiscoverinternal.<domain>.com is showing 10.x.x.62, so it seems to be resolving right. Can anyone help me get my firewall to allow ports 5061 and 443 through?
Thanks,
Frank,
Traffic logging (especially using FortiAnalyzer) can tell you the story much more accurately than what I can guess, but after reading your message a couple of times it seems possible that you are missing a route statement to send traffic to 10.x.x.62 out port1? If that's the case, it won't match your firewall policy until you fix that.
It's also possible that there is a policy misconfiguration (correct order, etc), but the route statement seems a more likely oversight (I've made it as well before). If you think the routing is set up correctly, you can verify it by going to Monitor > Routing Monitor to make sure the route you want is actually installed in the routing table. If not, a better route must be matching it or an interface is down or something.
- Daniel Hamilton
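The reasoning in the reply above, as an added example that is not part of the original thread and is not Fortinet code: a simplified Python model of the forwarding decision (destination NAT by the VIP, then a route lookup on the mapped address, then a policy match on the interface pair). The addresses 203.0.113.108 and 10.0.0.62 are constructed stand-ins for the redacted ones, and the three routing tables are constructed.

```python
import ipaddress

# Constructed stand-ins for the redacted addresses in the thread.
VIP = {"extip": "203.0.113.108", "mappedip": "10.0.0.62"}
# The poster's policy: WAN1 -> port1, services 443 and 5061.
POLICY = {"srcintf": "wan1", "dstintf": "port1", "ports": {443, 5061}}

def lookup_route(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, intf in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, intf)
    return best[1] if best else None

def evaluate(routes, in_intf, dst, port):
    """Simplified model: VIP DNAT, then routing, then policy lookup."""
    if dst == VIP["extip"]:
        dst = VIP["mappedip"]             # 1. destination NAT by the VIP
    out_intf = lookup_route(routes, dst)  # 2. route the *mapped* address
    if out_intf is None:
        return f"drop: no route to {dst}"
    if (in_intf, out_intf) != (POLICY["srcintf"], POLICY["dstintf"]):
        return f"deny: no policy for {in_intf} -> {out_intf}"  # 3. policy
    if port not in POLICY["ports"]:
        return f"deny: port {port} not in policy services"
    return f"accept: {dst}:{port} via {out_intf}"

# Constructed routing tables for the three situations the reply describes.
ROUTE_MISSING = [("0.0.0.0/0", "wan1")]
ROUTE_OK = ROUTE_MISSING + [("10.0.0.0/24", "port1")]
ROUTE_SHADOWED = ROUTE_OK + [("10.0.0.62/32", "port2")]  # a "better" route

if __name__ == "__main__":
    for name, table in [("missing", ROUTE_MISSING), ("ok", ROUTE_OK),
                        ("shadowed", ROUTE_SHADOWED)]:
        print(name, "->", evaluate(table, "wan1", "203.0.113.108", 5061))
```

With only a default route, the mapped address is routed back out wan1, so the WAN1 to port1 policy is never considered even though its services are correct.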