Fortigate 100D running v5.0,build0292 (GA Patch 9). I have created two
custom services, TCP 9100 and UDP 47808. I created two different policies,
one policy using each of the custom services. The firewall is blocking
both of the services. The only way I...
ashukla wrote: If you check the custom service from CLI do you see :0
after portrange?
    config firewall service custom
    edit "TCP_9100"
    set tcp-portrange 9100:0
If you see portrange 9100:0 it is a problem. Either from cli just
    set tcp-portrange 9100
Of in...
ashukla wrote: To find out why firewall is dropping it, run the flow
level debug:
    diag debug enable
    diag debug flow filter dport 9100
    diag debug flow show console enable
    diag debug flow trace start 200
start the traffic and after capturing the output ...
Dave Hall wrote: kalysta wrote:
    set srcaddr "10.18.21.55" "172.30.128.17" "172.30.120.17"
    set dstaddr "10.69.1.119" "10.69.1.120"
    [...]
    set dstaddr "10.69.0.19"
I'm not a big fan of address object labels using IP
addresses - could/can lead to problems fur...
ede_pfau wrote: HP printing is (at least in one place, here:
http://www.speedguide.net/port.php?port=9100) reported to use port 9100
TCP and UDP. Try the policy with the custom service extended by
9100/udp. Be sure that the (test) traffic hits the int...
The policy using TCP 9100 is only using that port. It's simply Windows
printing. The policy using UDP 47808 is also using telnet and ICMP.
Telnet and ICMP are passing through just fine. The log clearly shows
it's blocking only TCP 9100 and UDP 47808....