Port Forwarding - odd behaviour

Author
net_numpty
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/07/20 05:09:08
  • Status: offline
2020/07/20 05:17:53 (permalink)
0


Hi Brains Trust, 
 
I have been working on this for hours and have tried all sorts of combinations of configuration to no avail.
 
I have a FortiGate 30D running 5.4.4 and I want to port forward 80 and 443 to my internal web server. I have other port forwards working to other servers successfully. I have configured port 80 in the same manner and I cannot access the web server externally.

As a test I have set up a listener on the web server on port 81 and configured the firewall to forward port 81. It works! I set it back to port 80, it doesn't work.
 
What am I missing?
#1

6 Replies

    lobstercreed
    Gold Member
    • Total Posts : 251
    • Scores: 32
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: Port Forwarding - odd behaviour 2020/07/20 08:06:59 (permalink)
    5 (1)
    A couple possibilities come to mind, but the basic premise is this: something else is listening on port 80.  Either another VIP object or possibly if you have HTTP set to automatically redirect to HTTPS and have HTTPS listening on your WAN interface, and that is the same IP you're trying to forward?
    #2
    live89
    Silver Member
    • Total Posts : 84
    • Scores: 6
    • Reward points: 0
    • Joined: 2016/05/11 07:20:42
    • Status: offline
    Re: Port Forwarding - odd behaviour 2020/07/20 10:05:42 (permalink)
    5 (1)
    I agree with Daniel. Start from there.
    If still nothing, follow this article:
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD45731
     

    Thanks
    #3
    net_numpty
    Re: Port Forwarding - odd behaviour 2020/07/20 12:26:13 (permalink)
    0
    Thanks for the reply. That's what I'm thinking but I can't work out what it would be. I have changed the default admin port numbers for HTTP and HTTPS but remote access is disabled. No other VIPs are using port 80. SSH and FTP work to the same server, just not HTTP.

    As a test I changed the VIP and redirected port 8080 externally to port 80 internally and it works. I also changed the admin HTTP port to port 8080 as well just to see if that's what is causing the issue. Still works, I can hit the web server. This is doing my head in. It should be something simple.
    #4
    net_numpty
    Re: Port Forwarding - odd behaviour 2020/07/20 12:28:34 (permalink)
    0
    Thanks for your reply. 
     
    You're both right, that is the most logical explanation, I just can't work out what would be using port 80. Thanks for the KB article, I'll have a look at it now.
    #5
    net_numpty
    Re: Port Forwarding - odd behaviour 2020/07/20 12:56:37 (permalink)
    0
    Thanks again for your replies. 
     
    The problem seems to have gone away. The only thing that I changed was changing the Central Management from FortiCloud to None. However, changing it back to FortiCloud it still works.
     
    I think something must have got bound by a gremlin that has since cleared. 
     
    I appreciate your prompt responses to my query.
    #6
    Dave Hall
    Expert Member
    • Total Posts : 1711
    • Scores: 174
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: online
    Re: Port Forwarding - odd behaviour 2020/07/20 13:49:37 (permalink)
    0
    Keep in mind that by default the fgt will listen on port 80, 443 for admin access regardless of which interface you use to connect to it.  If you want to set up port forwarding to those ports from outside (WAN), you need to change the admin access ports to something else, e.g.
     
    config system global
    set admin-sport 8443
    set admin-port 8080
    end


    Edit: funny how refreshing the forum post doesn't show all of the past follow ups in the thread.
     
    post edited by Dave Hall - 2020/07/20 13:53:13

    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
    #7
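
The collision described in the last reply can be checked offline against a saved configuration. This is an added example, not part of any post in the thread: the function name and the sample config (VIP names, interface name) are constructed, and the default admin ports are the ones the reply states.

```python
import re

# Defaults named in the reply above: admin access on 80 (HTTP) and 443 (HTTPS).
DEFAULT_ADMIN = {"admin-port": 80, "admin-sport": 443}

# Constructed sample config: only admin-sport was moved, admin-port is still 80.
SAMPLE = '''
config system global
    set admin-sport 8443
end
config firewall vip
    edit "web-http"
        set extintf "wan"
        set portforward enable
        set extport 80
        set mappedport 80
    next
    edit "web-https"
        set extintf "wan"
        set portforward enable
        set extport 443
        set mappedport 443
    next
end
'''

def find_conflicts(config_text):
    """Return sorted (vip, port, admin_setting) where a VIP extport hits an admin port."""
    admin, vips, stack, vip = dict(DEFAULT_ADMIN), {}, [], None
    for line in (l.strip() for l in config_text.splitlines()):
        section = stack[-1] if stack else None
        if line.startswith("config "):
            stack.append(line[7:])          # nested config blocks push a level
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("edit ") and section == "firewall vip":
            vip = line[5:].strip('"')
        elif (m := re.match(r"set (\S+) (.+)", line)):
            key, value = m.group(1), m.group(2).strip('"')
            if section == "system global" and key in admin:
                admin[key] = int(value)
            elif section == "firewall vip" and key == "extport":
                lo, _, hi = value.partition("-")   # extport may be a range
                vips[vip] = range(int(lo), int(hi or lo) + 1)
    return sorted((name, port, setting) for name, ports in vips.items()
                  for setting, port in admin.items() if port in ports)

if __name__ == "__main__":
    print(find_conflicts(SAMPLE))
```

On the sample, only the port 80 VIP is reported, because admin-sport was moved to 8443 while admin-port was left at its default.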