ragno
New Contributor

How to open a different port

Hi!

 

I have a Fortigate-50B (system 4.0 MR3) model, and I have to open ports like 8080, 993, 465 because these ports are not listed under "Predefined" in "Services". All this traffic is being blocked by the firewall.

 

I tried to create port 8080 under "Custom", by defining the source and destination port low/high as 8080, but after placing it in a Policy nothing changes and the port continues to be blocked.

What should I do to accomplish this simple task?

 

Thank you.

1 Solution
Dave_Hall
Honored Contributor

Attached (top part) is a custom service (based on your requirements); (bottom part) is just a service group (on 5.0.9) grouping all the email services. (These are just examples.) Remember when you define your firewall policy -- move the rule up in the firewall chain so it gets executed.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

6 REPLIES
Dave_Hall
Honored Contributor

It would help if you can define what you are trying to accomplish by opening these ports. Are you trying to allow traffic on those ports out (internal->WAN) or outside in (WAN->Internal)?

 

In a custom service, you generally define the dest/target (TCP/UDP) ports you want open -- the source or originating ports you (edit: usually) leave at 1-65535.

ragno

The traffic is Internal->WAN 

ragno
New Contributor

Ok Dave,

 

I did it the same way as you said and it worked perfectly!

 

Thank you!
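
The two points from the exchange above (leave the source ports at 1-65535, and place the allow rule above whatever blocks the traffic), modelled as an added example that is not part of the original posts and is not FortiOS code. The service names, the policy names, the deny rule and the client source port are constructed assumptions.

```python
# Toy first-match policy evaluator (added illustration, not FortiOS code).
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str
    proto: str
    dst: tuple                 # (low, high) destination ports
    src: tuple = (1, 65535)    # (low, high) source ports, left wide open

    def matches(self, proto, sport, dport):
        return (proto == self.proto
                and self.src[0] <= sport <= self.src[1]
                and self.dst[0] <= dport <= self.dst[1])

@dataclass(frozen=True)
class Policy:
    name: str
    services: tuple            # empty tuple means "any service"
    action: str

def evaluate(policies, proto, sport, dport):
    """Return (policy name, action) of the first policy that matches, top down."""
    for p in policies:
        if not p.services or any(s.matches(proto, sport, dport) for s in p.services):
            return p.name, p.action
    return "implicit-deny", "deny"

# Constructed sample data (hypothetical names).
WRONG = Service("tcp-8080-src-pinned", "tcp", dst=(8080, 8080), src=(8080, 8080))
RIGHT = Service("tcp-8080", "tcp", dst=(8080, 8080))
IMAPS = Service("imaps-993", "tcp", dst=(993, 993))
SMTPS = Service("smtps-465", "tcp", dst=(465, 465))
DENY_ALL = Policy("block-everything-else", (), "deny")
CLIENT_SPORT = 51514           # clients pick an ephemeral source port, not 8080

def demo():
    flow = ("tcp", CLIENT_SPORT, 8080)   # internal host -> WAN server on 8080
    allow_wrong = Policy("allow-custom", (WRONG,), "accept")
    allow_right = Policy("allow-custom", (RIGHT, IMAPS, SMTPS), "accept")
    return {
        "source_port_pinned": evaluate([allow_wrong, DENY_ALL], *flow),
        "rule_below_deny": evaluate([DENY_ALL, allow_right], *flow),
        "fixed": evaluate([allow_right, DENY_ALL], *flow),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
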

Yeruel_Birku

Hi Team, please help with the below.

I am looking for help with policy creation, NAT and port opening.

I have a public IP 197.156.Y.Y and a private IP 172.16.x.x (video conference codec server).

172.16.X.X --- static NAT to --- 197.156.Y.Y

The ports should be open as in the table below.

point to point call + People&Content

Function                      Port Range
Gatekeeper Discovery (RAS)    1718-1719 UDP
Q.931 Call Setup              1720 TCP
Audio Call Control            1731 TCP
Video Range                   3230-3253 TCP/UDP
Audio Range                   3230-3253 TCP/UDP
Data/FECC Range               3230-3253 TCP/UDP

ede_pfau

My advice: use a port-less (full) VIP and use a service group on the incoming policy. Much less effort than a dozen VIPs and one VIP group.


Ede

"Kernel panic: Aiee, killing interrupt handler!"