TFTP - 69 rule is not working
Dear All,
I need a little help today. I have created a rule to back up the stack switch, which is installed behind the FortiGate firewall.
Everything is correct as far as I know, and the TFTP port is also enabled, but I am still not able to establish a connection between the TFTP server and client.
Does anyone have any suggestions for me?
Thank you.
Hi All,
The issue has been resolved, as we have to define reverse traffic for both directions.
Once I configured the reverse policy (vice versa), I was able to take a configuration backup of the destination devices.
Thank you all.
Do you see the traffic on the firewall? Can you check the traffic log on the FortiGate for the specific server/client IPs?
Suraj
Hi Suraj,
I have checked on the firewall: the rule I created has no hits. What can be the issue?
From the client machine are you able to ping the TFTP server? Can you do a traceroute and check if the traffic is on the right path?
Suraj
First, you need to explain where the TFTP server and the clients are located in relation to the FGT interfaces. Then check routing and policies between them. For troubleshooting, start with just sniffing traffic between those interfaces to see if the request packets are coming/going through the interfaces.
Toshi
Hi Toshi,
I would like to explain the scenario of how I am trying to take a backup through TFTP. Here is the diagram below.
policy name - tftp
incoming interface - port2
outgoing interface - port 3
source - 1.1.1.0/24
destination - 5.5.5.0/24
schedule - always
service -tftp 69
action - accept
nat - disabled
okay.
After enabling the rule on the firewall, there are no logs. Can you please help us resolve the issue?
Hi Toshi,
I am able to ping the client (5.5.5.2) from the server (1.1.1.2), and I am also getting a traceroute.
You need a policy from port3 to port2.
incoming interface - port3
outgoing interface - port 2
source - 5.5.5.0/24
destination - 1.1.1.0/24
schedule - always
service -tftp 69
action - accept
nat - Interface (just to make sure there is no return route issue)
Suraj
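
Why the original policy logged no hits while a port3 to port2 policy matches, as an added example that is not part of the thread and not FortiGate's own logic: a simplified first-match lookup on the packet that opens the session. It assumes the switch (TFTP client, 5.5.5.2) sends its request to the server's UDP port 69; the policy name `tftp-reverse` and source port 50000 are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    srcintf: str
    dstintf: str
    src: str      # source subnet
    dst: str      # destination subnet
    proto: str
    dport: int    # service destination port

@dataclass(frozen=True)
class Packet:
    in_intf: str
    out_intf: str
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

def match(policies, pkt):
    """Return the name of the first policy accepting this session-opening
    packet, or None for implicit deny (simplified model, an assumption)."""
    for p in policies:
        if (p.srcintf == pkt.in_intf and p.dstintf == pkt.out_intf
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(p.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(p.dst)
                and p.proto == pkt.proto and p.dport == pkt.dport):
            return p.name
    return None

# Policy values as posted in the thread; "tftp-reverse" is a constructed name.
ORIGINAL = Policy("tftp", "port2", "port3", "1.1.1.0/24", "5.5.5.0/24", "udp", 69)
REVERSE = Policy("tftp-reverse", "port3", "port2", "5.5.5.0/24", "1.1.1.0/24", "udp", 69)

# Constructed packet: the TFTP client's request towards the server on UDP 69.
REQUEST = Packet("port3", "port2", "5.5.5.2", "1.1.1.2", "udp", 50000, 69)

def hits(policies):
    """Which policy, if any, the client's TFTP request lands on."""
    return match(policies, REQUEST)

if __name__ == "__main__":
    print("original policy only:", hits([ORIGINAL]))
    print("with reverse policy :", hits([ORIGINAL, REVERSE]))
```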
Hi,
Why should I choose incoming interface port3, when the incoming interface would be port, as traffic is initiated from the PC, which is the server, and switch 5.5.5.2 is the client?
Let me tell you exactly what I need.
I have to take a backup of the switch, which is installed behind the firewall.
TFTP server - 1.1.1.2
client - 5.5.5.2
From 1.1.1.2, switch 5.5.5.2 is reachable.
Can you guide me on what the issue can be?
