Gentleman,
I need support, show below that port 2601 on server that is map on loopback 10.2.202.10 is getting reset, but going direct to server port is open.
Need some help why going to loopback is resetting.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @hbuenafe81 ,
Can you run these diagnose commands and share the output with us? While running these commands you need to try to access 10.2.202.10:2601
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug reset
diagnose debug flow filter dport 2601
diagnose debug flow trace start 100
diagnose debug enable
Also are you sure about, your TCP/2601 service status listening on the server? Can you try this with that command?
execute telnet 10.3.131.120 2601
Hello @hbuenafe81 ,
Can you run these diagnose commands and share the output with us? While running these commands you need to try to access 10.2.202.10:2601
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug reset
diagnose debug flow filter dport 2601
diagnose debug flow trace start 100
diagnose debug enable
Also are you sure about, your TCP/2601 service status listening on the server? Can you try this with that command?
execute telnet 10.3.131.120 2601
Gents,
need help port suddenly stop working. Below debug for your informations.
regards,
Hello @hbuenafe81 ,
Do you have a VIP configuration related to 10.3.131.120:2601?
If you say yes, can you enter this command in that VIP configuration?
config firewall vip
edit "YOUR_VIP_NAME"
set arp-reply disable
end
If you don't use this VIP you can also delete it.
Hi ozkanaltas,
I have multiple entry for on VIP for this 10.3.131.120. although it was working earlier and suddenly stop.. any idea you got base on log provided?
Hi @hbuenafe81 ,
I suspect on this line.
msg="VIP-10.3.131.120:2601,outdev-unknown
thanks bro.. I am also suspecting that but i don't know what to do to be honest. Need some expert here.
Hi @hbuenafe81 ,
You can try this command.
config firewall vip edit "YOUR_VIP_NAME" set arp-reply disable end
I tried it already. all related to port 2601 arp has been disable.
edit "afaqy-stc-2601"
set extip 10.2.202.10
set mappedip "10.3.131.120"
set extintf "any"
set arp-reply disable
set portforward enable
set extport 2601
set mappedport 2601
Created on 06-03-2024 07:00 AM Edited on 06-03-2024 07:01 AM
Hi @hbuenafe81 ,
Isn't the 10.2.202.10 IP address defined on the router instead of FortiGate? If so, why do you need to nat on FortiGate?
If not, can you try writing a rule that will directly reach the "afaqy-stc-2601" vip object from the 172.40.0.0/16 network?
Source Intf : IPSEC Interface
Destination Intf : dmz Interface
Soruce Addr: afaqy-stc
Destination Addr : afaqy-stc-2601
Can you explain the flow of traffic a little more to make it clearer?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.