Dear All,
I need a little help today. I have created a rule to back up the stack switch, which is installed behind the FortiGate firewall.
Everything is correct as far as I know, and the TFTP port is also enabled, but I am still not able to establish a connection between the TFTP server and client.
Does anyone have any suggestions for me?
Thank you.
Do you see the traffic on the firewall? Can you check the traffic log on the FortiGate for the specific server/client IPs?
Hi Suraj,
I have looked on the firewall, and the rule I created has no hits. What can be the issue?
From the client machine are you able to ping the TFTP server? Can you do a traceroute and check if the traffic is on the right path?
First, you need to explain where the TFTP server and the clients are located in relation to the FGT interfaces. Then check routing and policies between them. For troubleshooting, start with just sniffing traffic between those interfaces to see if the request packets are coming/going through the interfaces.
Toshi
Hi Toshi,
I would like to describe the scenario in which I am trying to take the backup through TFTP; the diagram is below.
policy name - tftp
incoming interface - port2
outgoing interface - port3
source - 1.1.1.0/24
destination - 5.5.5.0/24
schedule - always
service - tftp 69
action - accept
nat - disabled
okay.
After enabling the rule on the firewall, there are no logs. Can you please help us resolve the issue?
Hi Toshi,
I am able to ping the client (5.5.5.2) from the server (1.1.1.2), and I also get a traceroute.
You need a policy from port3 to port2.
incoming interface - port3
outgoing interface - port2
source - 5.5.5.0/24
destination - 1.1.1.0/24
schedule - always
service - tftp 69
action - accept
nat - Interface (just to make sure there is no return route issue)
Hi All,
The issue has been resolved, as we had to define reverse traffic for both directions.
Once I configured the reverse policy (vice versa), I was able to take a configuration backup of the destination devices.
Thank you all.
Hi,
Why should I choose incoming interface port3, when the incoming interface would be port, as traffic is initiated from the PC, which is the server, and switch 5.5.5.2 is the client?
Let me tell you exactly what I need.
I have to take a backup of the switch, which is installed behind the firewall.
TFTP server - 1.1.1.2
client - 5.5.5.2
From 1.1.1.2, switch 5.5.5.2 is reachable.
Can you guide me on what the issue can be?
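An added illustration, not part of any post in this thread and not FortiGate code: a small first-match policy evaluator loaded with the two policies from the thread, showing why the port2-to-port3 rule alone logged no hits. It assumes the switch starts the backup, so the first packet is its TFTP write request to UDP port 69 on the server; the names `tftp-reverse`, `Policy`, `Flow`, `match` and `explain` are made up for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    srcintf: str
    dstintf: str
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Flow:
    """First packet of a new session, as the firewall sees it."""
    in_intf: str
    out_intf: str
    src: str
    dst: str
    proto: str
    dport: int

def match(policies, flow):
    """Return the first policy name that accepts the flow, or None (implicit deny)."""
    for p in policies:
        if (p.srcintf == flow.in_intf and p.dstintf == flow.out_intf
                and ipaddress.ip_address(flow.src) in ipaddress.ip_network(p.src)
                and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(p.dst)
                and p.proto == flow.proto and p.dport == flow.dport):
            return p.name
    return None

# Policies as posted in the thread; "tftp-reverse" is a constructed name.
FORWARD = Policy("tftp", "port2", "port3", "1.1.1.0/24", "5.5.5.0/24", "udp", 69)
REVERSE = Policy("tftp-reverse", "port3", "port2", "5.5.5.0/24", "1.1.1.0/24", "udp", 69)

# Assumption: the switch (TFTP client) initiates the transfer, so its request
# enters on port3 and is addressed to the server's UDP port 69.
SWITCH_WRQ = Flow("port3", "port2", "5.5.5.2", "1.1.1.2", "udp", 69)

def explain():
    """Evaluate the switch's request against each rule set."""
    return {
        "forward_only": match([FORWARD], SWITCH_WRQ),
        "with_reverse": match([FORWARD, REVERSE], SWITCH_WRQ),
    }

if __name__ == "__main__":
    print(explain())
```

The policy direction has to follow whichever host sends the first packet of the session, not where the backup file ends up.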