Friends,
I want to access one of our server using the public IP from out side using http.Port enabled the same for 5555 internal.I created VIP and policy for the same 5555 map to 80 but internally X.X.XX:5555 working.From outside public ip X.X.X.X:5555 not working .Its showing only IIS page showing .Please help.Here am attaching log fyi
ashok kumar
Network Engineer
CCNP/MCSA
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
which ports/protocols are enabled in the firewall policy? 5555 or 80 or both?
Regards
Thorsten
multiple 30B / 40C / 60(B) / 80C / 100A / 200(A/B) / 600C 4.0 MR3
Can you share the VIP cfg and firewall policy cfg? Also did you do any diag debug flow and what's the output?
Example based on the information you provided
diag debug reset
diag debug flow fliter port 5555 or install the port that's not working
diag debug flow show console enable
diag debug flow trace start 100
diag debug en
Now place some traffic at the VIP external address and review the output diagnostics
PCNSE
NSE
StrongSwan
Hi ashok,
seems to me the port mapping in your VIP is the other way around:
external port: 5555
mapped to : 80
So, your IIS will respond to port 80 (= standard HTTP) and not to URL:5555?
Can you confirm that external users need to specify port 5555 to get to your web server?
Hi Ede,
already port 5555 enabled for this web server.Here internally users accessing this http://10.60.10.43:5555 so entering username and password they can access. Now they want to access from out side using public IP http://188.117.105.242:5555
so i did this way.
ashok kumar
Network Engineer
CCNP/MCSA
hi,
that's what I suspected.
You did not answer my question which port the IIS is listening to, 5555 or 80. If your users can access URL:5555 from internal LAN then I deduct that the IIS is listening on port 5555.
So, in order to enable external users to access URL:5555 you need to change the VIP port mapping:
external port: 5555
mapped to: 5555
And the policy has to allow traffic over port 5555, not port 80. Create a custom service for tcp/5555 and specify this in the policy. That should be all you need.
Hi ashok,
Interenally the users are accessing the ISS on port 5555 [link]http://10.60.10.43:5555[/link]
What they will see if they access it on port 80? http://10.60.10.43
Do you have a VIP also created for the internal users also to map the port 5555 to 80?
If not, you should set the VIP for the external access as external port 5555 and mapped port 5555 (the same as for the internal users). Also allow this port in the policy.
Or did I missed something?
AtiT
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1714 | |
1093 | |
752 | |
447 | |
232 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.