- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- WAKE ON LAN FORTIGATE 60B
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 01-26-2011 05:18 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
WAKE ON LAN FORTIGATE 60B
HOW to make this funcion work?
I want to wake on lan my computer in work from my home??
I Forward port 9 in FIREWALL--->VIRTUAL IP . bUT I can' t wake my comp.
Application in home write magic pocket send but nothing happen in work.
Of course I set my work ip and port in application in home.
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AFAIK WoL uses a specific MAC-Address (not IP Address)to send the magic packet to.
Therefore it will only work in your local subnet and not over Internet.
There are (according to google) WoL Proxys, but it is not implemented in the Fortigate.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
WOL does work over the internet.
I have sucessfully done it years ago by using the web WOL on dslreports, but the system tested was not behind any firewall.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I decided to test this, and yes it can be done. Wake-on-LAN packets can be sent to the local subnet, broadcast to another subnet, or directed unicast to a specific IP (the tool used to send the WOL packet must support the Unicast option). It also allows you to select a destination (UDP) port for the packet.
You can create a Virtual IP to translate the UDP port to the internal IP. The magic packet will then be forwarded by the firewall to the IP and must contain the correct MAC address for the internal device. However, the internal device must be on and responding before the Virtual IP will work as the FortiGate must have seen the MAC address to update its arp table and cache the entry for VIP use. I don' t know how long it remains cached but it still works even after manually clearing the arp table on the FortiGate.
Alternately, you can have the virtual IP directed to the broadcast address of the internal subnet. This would allow magic packets directed to any device in the subnet. This requires a configuration change:
config system interface
edit <external_intf_name>
set broadcast-forward enable
end
However, notes from the FortiGate docs regarding broadcast-forward:
" Use with caution. Enabling this option may make the FortiGate
unit vulnerable to broadcast-based DoS attacks such as ping
floods."
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Wake-on-LAN packets can be sent to the local subnet, broadcast to another subnet, or directed unicast to a specific IP (the tool used to send the WOL packet must support the Unicast option). It also allows you to select a destination (UDP) port for the packet.This caveat is quite important - only Data Link is mandatory for WOL - IP and UDP are optional. IP was proposed by AMD/IBM to carry a Subnet-Directed broadcast address allowing traversal of routers that permit it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, and did it work? Where can you setup the MAC address for the computer you need to wake it up? What menu?
The most expensive and scarce resource for man is time, paradoxically, it' s infinite.
The most expensive and scarce resource for man is time, paradoxically,
it' s infinite.
Not applicable
Created on 02-16-2011 01:47 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I also tested this configuration for a customer.
It works well in " internal" or " external" (via internet) configuration with the command " set broadcast-forward enable" ON
Check also the policy when you test this feature.
You can view the request with this CLI commands :
diag debug enable
diag debug flow filter port " Remote_port_WoL"
diag debug flow show console enable
diag debug flow trace start xxxx
Many thanks Jmac ;-)
With regards,
Ju
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this KB entry helped me once:
http://kb.fortinet.com/kb/dynamickc.do?cmd=show&forward=nonthreadedKC&docType=kc&externalId=FD30104&sliceId=1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi guys,
Today made my mind to make this work.
I started with dowloading a free WOL Software from the mighty Solarwinds. It worked from the same LAN, but no luck from outside.
I VIP UDP 7, saw traffic coming on external interface but nothing more:
diagnose sniffer packet any ' port 7'
interfaces=[any]
filters=[port 7]
18.561798 53.24.161.14.25362 -> 128.22.113.101.7: udp 102
18.562581 53.24.161.14.25362 -> 128.22.113.101.7: udp 102
I enabled broadcast-forward on wan1 interface and also created a static ARP for my internal IP:
config system arp-table
edit 12
set interface " internal"
set ip 192.168.26.32
set mac 00:c4:93:a2:ae:e2
next
end
No luck. Then I installed some application from Android and worked as a charm. It is called: Wol Wake on Lan.
All it' s required is to FWD UDP 9:
edit " Wol9"
set extintf " wan1"
set portforward enable
set mappedip 192.168.26.32
set protocol udp
set extport 9
set mappedport 9
next
and to create a static ARP entry so Fortigate will always know the MAC and IP of your computer (even when it is shutdown).
Good luck to all!
P.S. the IP and MAC from this example are fictive so don' t try to use them.
The most expensive and scarce resource for man is time, paradoxically, it' s infinite.
The most expensive and scarce resource for man is time, paradoxically,
it' s infinite.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
excellent info!!
Related Posts
- Split Tunnel with SSL VPN and... 41 Views
- BGP Peering - My Fortigate -... 53 Views
- FortiGate SSL / Integration with Azure... 28 Views
- Fortigates with PPPoE WAN suddenly need... 91 Views
- Remote VPN Issue 66 Views
Labels
-
FortiGate
6,482 -
FortiClient
1,293 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
413 -
5.6
362 -
FortiSwitch
331 -
FortiAP
330 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
149 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
86 -
FortiCloud Products
82 -
FortiToken
69 -
IPsec
69 -
Customer Service
69 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
57 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
FortiAuthenticator
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSID
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSL SSH inspection
5 -
Security profile
5 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
NAC policy
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.