Web url to alternate port

Report Inappropriate Content · ‎07-07-2008

Fortigate-50B 3.00-b0662(MR6 Patch 1) Not sure how to ask this ... I have a web site called www.xyz.com for example located in the wan2(dmz) zone. This works fine with VIP and forwarding etc. on port 80 like expected. I am trying to allow web server access to the control panel on port 9001. I have setup panel.xyz.com as an A-Address with my NS source. How do I enable panel.xyz.com to end up at www.xyz.com:9001 without the end user having to use the :9001 notation? TIA, Doug

rwpatterson · ‎07-08-2008

You would have to use the port forwarding option, set the outside to port 80 (the default for web browsing), and the inside to 9001. You would also need to create a custom protocol (or service) for that traffic to use in the policy.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Report Inappropriate Content · ‎07-08-2008

Do I have to get panel.xyz.com to actually include the :9001 or can the firewall " notice" the " panel.xyz.com" and forward accordingly? Thanks, Doug

rwpatterson · ‎07-08-2008

The firewall will wiat for any port 80 traffic (default) and flip it to 9001, invisibly.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Report Inappropriate Content · ‎07-08-2008

Sorry - call me thick headed .... Regular site is www.xyz.com and needs to correctly go to port 80 on dmz for webserver. Control panel part of web is on port 9001.

UkWizard · ‎07-08-2008

Warning - their can be issues with with port-forwarding between different port numbers, as many apps pass the port its using as part of the http traffic, this sometimes breaks this. But it is rarely. Personally, I would actually do this on your website, and forget about panel.xyz.com altogether. Instead, create a folder under the root of your website and call it panel. then create the default htm (or whatever you use) file which does a url redirect. This is how i normally implement this. Then you just type http://www.xyz.com/panel instead, without all the mess, as you just need to open port 9001 on the VIP. So the URL redirect would go to http://www.xyz.com:9001 There is another way of the above, but its more complicated (using url detection in the webserver, so you have another website on the same port looking at the URL). Also I think bob forgot to mention his suggestions would obviously need to be ANOTHER external IP address. as port 80 would be used on the first.

UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.

Report Inappropriate Content · ‎07-08-2008

Thank you both for your help. I do have an extra static IP, but not sure if that is worth it ... point about /panel is probably best approach. Thanks, Doug

UkWizard · ‎07-08-2008

If you are using .HTM or php, i can provide you with the syntax for a URL redirect code.

UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.

rwpatterson · ‎07-08-2008

Good weekend, and lack of sleep!

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

UkWizard · ‎07-08-2008

Good weekend, and lack of sleep!

Glad one of us did, having really bad ' summer' weather here at the moment. rain rain and rain.....

UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.

Web url to alternate port

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website