Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Obie
New Contributor

Created on ‎12-16-2017 08:22 AM

PORT FORWARDING

Hey guys,

I followed the instruction on the cookbook to configure port forwarding with an application called go global. When i am connected to my LAN, it works just fine but then when I connected to the internet on the other side of the firewall it does not work. Please, i need help on this ASAP!

5499
0 Kudos
4 REPLIES 4
ede_pfau
SuperUser
SuperUser

Created on ‎12-16-2017 09:10 AM

hi,

 

please post some more infos: FortiOS version, VIP definition, policy. Preferable from the CLI/console, in text form. We'll see how I can help then.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
1871
0 Kudos
Obie
New Contributor

Created on ‎12-18-2017 08:57 AM

Hello. Thanks for your response.

   Virtual IP

 1. External IP Address/ Range: Virtual IP address

 2. Mapped IP Address/Range: Server Local IP address.

 3. Port Forwarding

Protocol TCP  UDP  SCTP  ICMP External Service Port -  Map to Port -    VIP Group Name Comments0/255 Interfacewan1 (WAN TO AIRTEL)                   MembersWebserver-goglobal Webserver-80

POLICY TO ALLOW TRAFFIC

Incoming Interfacewan1  Source Address all Source User(s)Click to add... Source Device TypeClick to add... Outgoing Interfaceport2  Destination AddressWebserver-http-vip Schedule always ServiceALL ActionACCEPT

Firewall / Network Options

 NAT-DISABLED  

Security Profiles

 AntiVirusdefault                 default                Web Filterdefault                 block-security-risks                       default                       flow-monitor-all                       monitor-all                       web-filter-flow                Application Controldefault                 block-p2p                       default                       monitor-p2p-and-media                       P2P                       Youtube-Blocking                IPSdefault                 all_default                       all_default_pass                       default                       high_security                       protect_client                       protect_email_server                       protect_http_server                Email Filterdefault                 default                VoIPdefault                 default                       strict                SSL/SSH Inspectioncertificate-inspection                 certificate-inspection                       deep-inspection              

Traffic Shaping

 Shared Shaperguarantee-1Mbps             guarantee-1Mbps                 high-priority                 low-priority                 medium-priority                 shared-1M-pipe                 Special Shaper                 Very low bandwidth            Reverse Shaperguarantee-1Mbps             guarantee-1Mbps                 high-priority                 low-priority                 medium-priority                 shared-1M-pipe                 Special Shaper                 Very low bandwidth            Per-IP ShaperNo_bandwidth             No_bandwidth          

Logging Options

 Log Allowed Traffic  Security Events  All Sessions  Capture Packets Comments0/1023  Enable this policy  Cancel

1870
0 Kudos
rwpatterson
Valued Contributor III
In response to Obie

Created on ‎12-18-2017 12:09 PM

You get much better readability if you post the configuration from the CLI instead of the web interface. The above is a hot mess.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
1870
0 Kudos
Sidewaysguy
New Contributor III
In response to rwpatterson

Created on ‎12-29-2017 03:03 PM

Obie,

 

Please clarify, are you hosting this "Go Global" application or are you just trying to connect to it? 

 

If you are hosting it, then using a VIP, ports and creating the associated policy to allow traffic inbound will work.  If this is the case, you should be able to Telnet to the port from the outside if it has been opened.  Also, if there are multiple ports needed, you may need to create more than one VIP if the ports aren't in a range. 

 

As noted above, posting the config from the CLI would be preferred.

 

Thanks

 

Sidewaysguy

1872
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.