Hi,
I am not able to get throught tcp port 444 despite I allowed this port on my fortigate 100F.
Do you know why ?
Thank you for your help.
Solved! Go to Solution.
Hello,
The flow debug would be useful for issue troubleshooting. Please check the CLI commands as below.
diagnose debug flow trace stop
diagnose debug enable
diagnose debug flow filter addr x.x.x.x
diagnose debug flow show function-name enable
diagnose debug flow trace start 100
*. Debugging the packet flow
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/54688/debugging-the-packet-flow
Hello,
I did not find any sessions connected to port 444 through debug file.
Please capture the packets for 80.247.14.114 from port1.
If no packets are captured related to 444 port, then the packet did not routed to the firewall.
*. Performing a sniffer trace or packet capture
https://docs.fortinet.com/document/fortigate/7.0.12/administration-guide/680228/performing-a-sniffer...
IT IS OK :D Thank you KWAN !
So I create this rule but I didn't put it up to the policy 76 which was "reject all". So now, everything is working :D
But I still don't understand why for some computers it was working and for other, not.
Hey
Is there a policy in place?
Hey Christian, Thank you for your reply.
Are you French ?
I just arrived in the company, and I try to check if there was a policy but everything seems to be ok...
I also added this policy, but still not working.
Hello,
The flow debug would be useful for issue troubleshooting. Please check the CLI commands as below.
diagnose debug flow trace stop
diagnose debug enable
diagnose debug flow filter addr x.x.x.x
diagnose debug flow show function-name enable
diagnose debug flow trace start 100
*. Debugging the packet flow
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/54688/debugging-the-packet-flow
Hi Dongkwan !
Thank you for your help :)
Please find below the diagnose report. Do you see something wrong ?
I cannot put the diagnose report here because its exceed 20 000 characters, so I uploaded it here : https://www.transferxl.com/download/08jLzHZnRHNB5
Hello,
I did not find any sessions connected to port 444 through debug file.
Please capture the packets for 80.247.14.114 from port1.
If no packets are captured related to 444 port, then the packet did not routed to the firewall.
*. Performing a sniffer trace or packet capture
https://docs.fortinet.com/document/fortigate/7.0.12/administration-guide/680228/performing-a-sniffer...
Hi Kwan,
Sorry my session was not active during the diagnose. Please find the new log where we can see the 444 session.
https://www.transferxl.com/download/08jpbxjBtN2G7X
So I made a session from a working computer 192.90.249.54 and from 192.90.249.14 which was denied by policy 76. Its seem that there is a policy called 76 who is blocking the session right ? "Denied by forward policy check (policy 76)" Is that the problem ?
I checked in Dashboard > Policy : But I can't find any policy with number 76.. Where else can I check ?
IT IS OK :D Thank you KWAN !
So I create this rule but I didn't put it up to the policy 76 which was "reject all". So now, everything is working :D
But I still don't understand why for some computers it was working and for other, not.
Ok I saw that some computers was allowed by Policy 68, and my computer was allowed in Policy 68. That is why it was working for me :) Thank a lot !!!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.