Virtual IP for enable RDP
Hi,
I'm trying to make the settings on the FortiGate to enable RDP to a server, but it is not working.
I made the Virtual IP settings and I created the policy:
What is the problem?
VIRTUAL IP:
Name: RDP_virtualIP External Interface: wan1
External IP: 999.999.999.999 (I put the correct external ISP IP)
Mapped IP: 192.168.100.30
Port forwarding: enabled
External service port:3389/3389 Map to Port: 3389/3389
POLICY
From: wan1
To: vlan100
Source: all
Destination: RDP_virtualIP
Nat: disabled
In the logs I can see the PC outside that is trying to connect; it is not being blocked, but it doesn't work.
I placed the policy at the top of the rules, but that didn't work either.
Labels: 5.0
Ok, strange issue. I guess nothing worked? :)
If you enable NAT, can you collect the output of "diag sniff packet any 'host 192.168.100.30' 4" at the same time you try to connect? Just want to see if there's any ARP requests or similar to 192.168.100.30.
Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden
robin.svanberg@ethersec.se
It would also still be very useful to review any logs generated on the server itself once connection attempts are made.
Regards, Chris McMullan Fortinet Ottawa
@OP
Perhaps you can provide the CLI script equivalent; we may be able to spot something, e.g.

    config firewall service custom
        edit "rdp-port-list"
            set tcp-portrange 3389-3389:0-65535
        next
    end
    config firewall vip
        edit "RDP-Server1"
            set extintf "wan1"
            set portforward enable
            set mappedip 192.168.100.30
            set extport 3389
            set mappedport 3389
        next
    end
    config firewall policy
        edit 0
            set srcintf "wan1"
            set dstintf "dmz_net"
            set srcaddr "remote-admin-pc"
            set dstaddr "RDP-Server1"
            set action accept
            set schedule "always"
            set service "rdp-port-list"
            set nat enable
        next
    end

(The line "set nat enable" was highlighted in red in the original post.)
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
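A small checker for the VIP/policy relationships discussed in this thread, added here as an example and not code from the thread or from Fortinet. It parses the CLI script format shown above and flags the things that typically break a port-forward VIP (no policy using the VIP as destination, policy ingress interface not matching the VIP's external interface, a custom service that does not cover the VIP's external port) plus the wide-open "Source: all" from the original post. The interface, address and object names in the sample are constructed assumptions.

```python
# Constructed sample in FortiOS CLI script form (names are assumptions, not a real config).
SAMPLE = """config firewall service custom
edit "rdp-port-list"
set tcp-portrange 3389-3389:0-65535
next
end
config firewall vip
edit "RDP-Server1"
set extintf "wan1"
set extport 3389
set mappedport 3389
set mappedip 192.168.100.30
next
end
config firewall policy
edit 0
set srcintf "wan1"
set dstaddr "RDP-Server1"
set srcaddr "all"
set service "rdp-port-list"
next
end"""

def parse(script):
    """Parse config/edit/set/next/end into {table: {entry: {key: value}}}."""
    tables, table, entry = {}, None, None
    for line in script.splitlines():
        words = line.strip().replace('"', "").split()
        if words and words[0] == "config":
            table = tables.setdefault(" ".join(words[1:]), {})
        elif words and words[0] == "edit":
            entry = table.setdefault(words[1], {})
        elif words and words[0] == "set":
            entry[words[1]] = " ".join(words[2:])
    return tables

def review(script):
    """Return a list of findings for every firewall VIP in the script."""
    cfg, findings = parse(script), []
    for name, vip in cfg.get("firewall vip", {}).items():
        hits = [(i, p) for i, p in cfg.get("firewall policy", {}).items() if p.get("dstaddr") == name]
        if not hits:
            findings.append(f"{name}: no policy uses this VIP as dstaddr")
        for pid, p in hits:
            if p.get("srcintf") != vip.get("extintf"):
                findings.append(f"policy {pid}: srcintf must be the VIP extintf {vip.get('extintf')}")
            svc = cfg.get("firewall service custom", {}).get(p.get("service", ""), {})
            dst = svc.get("tcp-portrange", "0").split(":")[0].split("-")  # dst range before ':'
            if p.get("service") != "ALL" and not (int(dst[0]) <= int(vip.get("extport", 0)) <= int(dst[-1])):
                findings.append(f"policy {pid}: service does not include extport {vip.get('extport')}")
            if p.get("srcaddr") == "all":
                findings.append(f"policy {pid}: srcaddr all exposes the VIP to any source; restrict it to an admin address object")
    return findings
```

Run `review(SAMPLE)` on the sample above and the only finding is the unrestricted source; swapping the service port or the policy destination produces the corresponding mismatch.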
Solved the problem: I just changed the port to 3386 in the Windows registry
(HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber) and now it is working.
But I didn't understand why 3389 doesn't work.