- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- A duplicate entry already exists port forward port...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A duplicate entry already exists port forward port 25 same extip
Hello forum members. My first post. Recently we purchased FortiGate 1000D and replaced TMG 2010 successfully. I found a lot of similar discussions but nine of them describe my issue.
Now I can't create one rule (can't figure out how to) which I can create easily on Kerio Control or TMG itself
What I need, is to forward SMTP port to Exchange Server itself (10.22.10.59), bypassing my AntiSpamServer (10.22.10.80) when connection goes from specific IP addrress (lets say 2.3.4.5)
in other words i need vip rule like below
my.wan.ip.addr --> 10.22.10.80 (TCP: 25 --> 25) | (this is ok)
my.wan.ip.addr —> 10.22.10.59 (TCP: 25 --> 25) srcip 2.3.4.5 | this is not ok
Please note that I have forwarding rule for SMTP service and it works well. All request to that service are forwarded to 10.22.10.80. This is ok. Now how to excuse a WAN IP by forwarding SMTP queries directly to my Exchange Server (10.22.10.59)
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I may be mistaken given Bob's post above, but I would have thought you could easily accomplish this. You simply need two different VIP objects and two different firewall rules. You already have half of it with the VIP that has 10.22.10.80 as the mapped IP, and your firewall rule that allows all traffic from the Internet to that destination. Your second VIP would need to be defined with a mapped IP of 10.22.10.59 (still port 25). Now you just need a firewall rule above your other firewall rule that looks for traffic from 8.8.8.8 and maps to the second VIP. Traffic sourced from other IPs won't match that and should fall to the next rule that has been working for you.
Let me know if this works, as it will be an interesting revelation to me if it doesn't. - Daniel
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With port forwarding, you can only have one SourceIP/port (socket) definition. You will have to find another mechanism to accomplish what you are trying to do. Try using 0.0.0.0 port 25 for the other.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I may be mistaken given Bob's post above, but I would have thought you could easily accomplish this. You simply need two different VIP objects and two different firewall rules. You already have half of it with the VIP that has 10.22.10.80 as the mapped IP, and your firewall rule that allows all traffic from the Internet to that destination. Your second VIP would need to be defined with a mapped IP of 10.22.10.59 (still port 25). Now you just need a firewall rule above your other firewall rule that looks for traffic from 8.8.8.8 and maps to the second VIP. Traffic sourced from other IPs won't match that and should fall to the next rule that has been working for you.
Let me know if this works, as it will be an interesting revelation to me if it doesn't. - Daniel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@agorwpatterson
I'd tried this approach before I started athreaf. So that didn't help.
@agolobstercreed to be honest I tried this approach as well. But this also didn't help me. You can try yourself on your firewall.
Seems Fortigate do not support this kinda port forwardings.
I already accomplished task by forwarding port 2525 to 25 on to 10.22.10.59. This is not what I wanted, but saved me, because the client uses a portion of code within the official website that sends mail with no Authentication when someone press send mail button
But in any way I wanted to know how to accomplish task I described way in the thread.
Related Posts
- Remote VPN Issue 106 Views
- Clone / Duplicate VDOM 57 Views
- Forward traffic from Fortigate not showing... 295 Views
- Packet duplication not done in session... 153 Views
- Connecting Two SIP Trunks with Different... 263 Views
Labels
-
FortiGate
6,503 -
FortiClient
1,298 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
413 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
261 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
149 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiGateCloud
87 -
FortiSIEM
86 -
FortiCloud Products
82 -
IPsec
70 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiAuthenticator
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Security profile
5 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.