Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fuss93
New Contributor

Ports 7450 and 20080 are closed

Good morning all,

I'm having trouble opening port 7450 and another port.

Some ports open and work fine, but it refuses to open ports 7450 and 20080, even though I did the same as for the ports that are open. I don't understand why it doesn't work.

What I did was create a virtual IP address with my public IP address on my targeted local IP address, open port 7450, and create a rule for that as well.

But when I use tools to check port 7450, it is closed.

Thank you for your answers.

11 REPLIES
Toshi_Esumi
SuperUser

Does the destination IP live on the FGT? If not, it might be closed on the server/destination side.

Fuss93

Hi, I'm sorry, but what is FGT? Acronyms in English are hard for me because I'm French. I'm sorry.

Toshi_Esumi

I meant FortiGate. Some just use FG.

Fuss93

Yes, I use FG, but 7450 and 20080 are not open.

Toshi_Esumi

Then again, is it out-to-in or in-to-out? And the destination IP is outside of the FGT?

Fuss93

It is for incoming and outgoing calls, and the outgoing calls point to an IP address outside the FGT.

Toshi_Esumi

So this is for your phone system connected to a service provider on the Internet.

Did you configure a VIP for out-to-in traffic so the provider reaches the outside/public IP at the FGT, which is then mapped to the server's local/private IP? I'm assuming you scanned the public IP from the Internet and found those ports closed, right? Then please share the VIP config via CLI after masking the public IP(s).

Fuss93

Hello,

Thanks for your reply. Here is the screenshot, and yes, I have used the online tools which help me see if my port is closed :)

Toshi_Esumi

Then, as long as the policy that has this VIP applied is allowing TCP 7450 and 20080 toward the interface the phone system is connected to, and as long as the system is listening on the ports, those ports should show up as open when you scan the wan2's IP.

I would look at the phone system side. But to prove the FGT is passing the scan packets for those ports, you can sniff the inside port with 'host 192.168.0.178' while the scan is happening. You should see them passing through.

If you can't see them, you then have to run "flow debug" to see why the FGT is dropping them. You can find the "how to" by simply putting "fortigate flow debug" in an internet search. You need to set a filter with those ports.

If you're not comfortable doing it or don't have time, just open a ticket and get help from TAC.
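
The two checks described in the last reply, written out as FortiOS CLI commands (an added example, not part of the original thread). It assumes the VIP does not translate ports, so the traffic on the inside still uses 7450 and 20080, and it sniffs on `any` because the thread does not name the inside interface.

```fortios
# Lines starting with "#" are annotations, not commands to type.

# 1. Sniff for the scan on the inside while the external scan runs.
#    Verbosity 4 prints the interface name with each packet,
#    count 0 runs until Ctrl+C, "l" prints local timestamps.
diagnose sniffer packet any 'host 192.168.0.178 and (port 7450 or port 20080)' 4 0 l

# Reading the result:
#   SYN out of the inside interface, SYN/ACK back -> port is open end to end.
#   SYN out, RST back from 192.168.0.178          -> FGT forwards, nothing listens.
#   SYN out, no reply                             -> FGT forwards, host drops or
#                                                    has no return route.
#   No packets at all                             -> FGT is not forwarding; go to 2.

# 2. Flow debug, one port per run (repeat with 20080).
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter proto 6
diagnose debug flow filter port 7450
diagnose debug flow show function-name enable
diagnose debug console timestamp enable
diagnose debug flow trace start 20
diagnose debug enable

# Run the external scan now. The trace shows whether the VIP's DNAT was
# applied, which policy ID matched, or the reason the packet was dropped.

# 3. Stop the trace and clear the debug settings.
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug reset
```

If the trace prints nothing during the scan, the packets are not reaching the FGT on those ports at all, which points upstream of the firewall.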
