Hi,
I'm trying to configure my FortiGate to allow RDP to a server, but it is not working.
I created the Virtual IP and the policy:
What is the problem?
VIRTUAL IP:
Name: RDP_virtualIP
External interface: wan1
External IP: 999.999.999.999 (I put the correct external ISP IP)
Mapped IP: 192.168.100.30
Port forwarding: enabled
External service port: 3389/3389
Map to port: 3389/3389

POLICY:
From: wan1
To: vlan100
Source: all
Destination: RDP_virtualIP
NAT: disabled
In the logs I can see the PC outside that is trying to connect; it is not being blocked, but it doesn't work.
I placed the policy at the top of the rules, but that didn't work either.
OK, strange issue. I guess nothing worked? :)
If you enable NAT, can you collect the output of "diag sniff packet any 'host 192.168.100.30' 4" at the same time you try to connect? I just want to see if there's any ARP request or similar to 192.168.100.30.
Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden
robin.svanberg@ethersec.se
It would also be very useful to review any logs generated on the server itself once connection attempts are made.
Regards, Chris McMullan Fortinet Ottawa
@OP
Perhaps you can provide the CLI script equivalent; we may be able to spot something. E.g.:

config firewall service custom
    edit "rdp-port-list"
        set tcp-portrange 3389-3389:0-65535
    next
end
config firewall vip
    edit "RDP-Server1"
        set extintf "wan1"
        set portforward enable
        set mappedip 192.168.100.30
        set extport 3389
        set mappedport 3389
    next
end
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "dmz_net"
        set srcaddr "remote-admin-pc"
        set dstaddr "RDP-Server1"
        set action accept
        set schedule "always"
        set service "rdp-port-list"
        set nat enable
    next
end
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Solved the problem: I just changed the port to 3386 in the Windows registry
(HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber) and now it is working.
But I didn't understand why 3389 doesn't work.
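Added example (not from any post in this thread): a PowerShell check to run on the Windows RDP server itself (192.168.100.30 in the original post), covering the server-side conditions the replies above ask about. It reads the listening port from the registry (the real key name contains a space: "Terminal Server", not "TerminalServer"), confirms Remote Desktop is enabled and that something is actually listening on that port, lists the inbound Windows Firewall rules for it, and pulls the last hour of RDP logons (logon type 10) from the Security log so the source address of the external PC can be seen. It assumes Windows 8/Server 2012 or later for the NetTCPIP and NetSecurity cmdlets; no FortiGate-side addresses are assumed.

```powershell
# Added example, not from the forum thread. Run in an elevated PowerShell on the RDP server.
# Requires Windows 8 / Server 2012 or later (Get-NetTCPConnection, Get-NetFirewall* cmdlets).

$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RegKey = Join-Path $TsKey 'WinStations\RDP-Tcp'

# 1. Which port is the RDP listener configured for? (3389 by default)
$Port = (Get-ItemProperty -Path $RegKey -Name PortNumber).PortNumber
Write-Output "RDP listener port from registry: $Port"

# 2. Is Remote Desktop enabled at all? fDenyTSConnections=1 means disabled.
$Deny = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections
if ($Deny -ne 0) { Write-Warning 'fDenyTSConnections=1: Remote Desktop is disabled on this host' }

# 3. Is the Terminal Services listener actually bound to that port?
$Listener = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
if (-not $Listener) {
    Write-Warning "Nothing is listening on TCP/$Port; check the TermService service (Get-Service TermService)"
} else {
    $Listener | Select-Object LocalAddress, LocalPort, OwningProcess
}

# 4. Which inbound firewall rules cover that port, and on which profile are they enabled?
#    The built-in "Remote Desktop - User Mode (TCP-In)" rule is fixed to 3389; a custom port
#    such as the 3386 used in the thread needs its own rule.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Enabled, Profile, Action

# 5. RDP logon attempts in the last hour: 4624 = success, 4625 = failure, logon type 10 = RemoteInteractive.
#    If the external PC reaches the server at all, its address shows up here as "Source Network Address".
$Filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = (Get-Date).AddHours(-1) }
Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Logon Type:\s+10' } |
    Select-Object TimeCreated, Id,
        @{ Name = 'Source'; Expression = {
            ($_.Message -split "`n" | Where-Object { $_ -match 'Source Network Address' }) -replace '.*:\s*', '' } }
```

If step 5 shows no events while the FortiGate log shows the session being accepted, the packets are not reaching the server (routing or ARP on the LAN side, which is what the "diag sniff packet" suggestion above would show); if events appear but connections fail, the cause is on the server. Note for the registry workaround used in the thread: after changing PortNumber, the TermService service must be restarted and a firewall rule for the new port added, since the built-in rule only allows 3389.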
Copyright 2024 Fortinet, Inc. All Rights Reserved.