
VNC Through Fortigate

VNC uses TCP ports 5900 and 5800 by default. With that in mind, I have VNC successfully working with the following rules.

Wireless to Internal Client
Internal Client to Wireless
Ports 1-65535 Source and 5900 Destination
Ports 1-65535 Source and 5800 Destination

While I do not like having these ports open at all, it is a requirement for our developers. Does anybody have any other rule sets that work which may be a bit more locked down?
doshbass
New Contributor III

This seems pretty well locked down to me, you are opening 2 ports only
Still learning to type "the"
rwpatterson
Valued Contributor III

If you combine that with an SSL VPN login, you're better secured. Create NAT IP ranges for the logins, then create a policy from the external ports using that IP range to the VIP on the same port. Then the only way into those servers would be after a successful login. I did it, so I know it works.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Hracio
New Contributor

Use 1024-65535 range as source ports, dest 5800-5900, combined with ssl-vpn as rwpatterson says. Regards, .!
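
Added example (not written by any poster in this thread, and not Fortinet code): a small Python model of the rule sets discussed above, showing which destination ports each one leaves reachable from an address outside and inside an SSL VPN address pool. The pool 10.212.134.0/28, the sample addresses and the rule-set names are constructed assumptions, and the model ignores interfaces and VIPs.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    """One accept rule: source network, source port range, destination port range."""
    src_net: str
    src_ports: range
    dst_ports: range

def ports(lo, hi):
    return range(lo, hi + 1)  # inclusive, as firewall port ranges are written

ANY = "0.0.0.0/0"
VPN_POOL = "10.212.134.0/28"  # constructed SSL VPN address pool (assumption)

RULESETS = {
    # Original post: source ports 1-65535, destination 5900 and 5800.
    "original": [Rule(ANY, ports(1, 65535), ports(5900, 5900)),
                 Rule(ANY, ports(1, 65535), ports(5800, 5800))],
    # Last reply: source ports 1024-65535, destination 5800-5900.
    "range_5800_5900": [Rule(ANY, ports(1024, 65535), ports(5800, 5900))],
    # Two-port rules, matched only for addresses handed out after an SSL VPN login.
    "vpn_pool_only": [Rule(VPN_POOL, ports(1024, 65535), ports(5900, 5900)),
                      Rule(VPN_POOL, ports(1024, 65535), ports(5800, 5800))],
}

def _matches_source(rule, src_ip, src_port):
    return ip_address(src_ip) in ip_network(rule.src_net) and src_port in rule.src_ports

def allows(rules, src_ip, src_port, dst_port):
    """True if any accept rule matches; anything unmatched is dropped."""
    return any(_matches_source(r, src_ip, src_port) and dst_port in r.dst_ports
               for r in rules)

def exposed_dst_ports(rules, src_ip, src_port=50000):
    """Destination ports reachable from src_ip using an ephemeral source port."""
    return sorted({p for r in rules if _matches_source(r, src_ip, src_port)
                   for p in r.dst_ports})

if __name__ == "__main__":
    for name, rules in RULESETS.items():
        for label, ip in (("outside pool", "192.0.2.10"), ("in VPN pool", "10.212.134.5")):
            open_ports = exposed_dst_ports(rules, ip)
            print(f"{name:16} {label:13} {len(open_ports):3} port(s) open")
```

Running it prints one line per rule set and source address with the count of reachable destination ports, which makes the difference between two single-port rules and a 5800-5900 range visible at a glance.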