tftp not working over fortigate
I have a FortiGate 200D
On interface 2 I have 10.1.0.0/16 and on interface 3 I have a 10.8.0.0/16 subnet.
There is a rule that allows TFTP from interface 2 to interface 3.
Also there is a tftp session helper.
But while traffic to the tftp server 10.1.1.8 arrives, the answer is blocked by the firewall.
What can I check?
The tftp server is definitely fine in the 10.1.0.0/16 subnet.
On all other subnets the return traffic is blocked.
Whenever you have what appears to be a weird behavior, check in CLI the flow:
diagnose debug flow filter clear
diagnose debug flow filter daddr <YOURDST>
diagnose debug flow filter dport 69
diagnose debug flow show function-name enable --> if in 5.6, otherwise a tad different
diagnose debug flow show iprope enable --> if in 5.6, otherwise a tad different
diagnose debug flow trace start 50
diagnose debug enable
Then issue a test; you'll for sure find your answer. Maybe your session-helper is not well set and so the return packet is dropped by the firewall.
Another simple thing to test: does your tftp server have a gateway set up? Does your tftp server allow connections from other sources?
Hope it helps
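
Added example, not part of the original thread and not FortiOS code: a small Python model of a stateful UDP session table, showing why a TFTP reply is dropped when no helper matches the request. Per RFC 1350 the server answers from a new port (its TID) rather than port 69. The class and function names, the client address 10.8.0.20, the file name and both ephemeral ports are constructed for illustration.

```python
import struct

TFTP_PORT = 69
OP_RRQ, OP_WRQ = 1, 2

def is_tftp_request(payload: bytes) -> bool:
    """RRQ/WRQ = 2-byte opcode, then NUL-terminated filename and mode (RFC 1350)."""
    if len(payload) < 6:
        return False
    (opcode,) = struct.unpack("!H", payload[:2])
    return opcode in (OP_RRQ, OP_WRQ) and payload[2:].count(b"\x00") >= 2

class FirewallModel:
    """Toy UDP state table (hypothetical model, not how FortiOS is implemented)."""
    def __init__(self, tftp_helper: bool):
        self.tftp_helper = tftp_helper
        self.sessions = set()   # exact flows: (client, client_port, server, server_port)
        self.expected = set()   # helper pinholes: (server, client, client_port)

    def from_client(self, client, cport, server, srv_port, payload):
        """A policy-permitted packet from client to server creates a session."""
        self.sessions.add((client, cport, server, srv_port))
        if self.tftp_helper and srv_port == TFTP_PORT and is_tftp_request(payload):
            # The server will answer from a new port, so expect any source port.
            self.expected.add((server, client, cport))

    def from_server(self, server, srv_port, client, cport) -> str:
        """Classify a packet travelling in the return direction."""
        if (client, cport, server, srv_port) in self.sessions:
            return "accept: reply of existing session"
        if (server, client, cport) in self.expected:
            self.expected.discard((server, client, cport))
            self.sessions.add((client, cport, server, srv_port))  # pin the learned TID
            return "accept: expected TFTP transfer"
        return "drop: no session matches"

def simulate(tftp_helper: bool) -> list:
    """Constructed exchange: client 10.8.0.20:50000 reads a file from 10.1.1.8."""
    fw = FirewallModel(tftp_helper)
    rrq = struct.pack("!H", OP_RRQ) + b"boot.cfg\x00octet\x00"
    fw.from_client("10.8.0.20", 50000, "10.1.1.8", TFTP_PORT, rrq)
    # DATA blocks 1 and 2 come from the server's ephemeral TID 49152, not port 69.
    return [fw.from_server("10.1.1.8", 49152, "10.8.0.20", 50000) for _ in range(2)]

if __name__ == "__main__":
    for helper in (False, True):
        print("helper on: " if helper else "helper off:", simulate(helper))
```

In a flow trace, the "helper off" case corresponds to the server's data packet arriving with a source port other than 69 and finding no matching session.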
