12/5/2020 Virtual Fortigate
I made the Virtual IP settings and I created the policy: what is the problem?

VIRTUAL IP:
Name: RDPvirtualIP
External Interface: wan1
External IP: 999.999.999.999 (I put the correct external ISP IP)
Mapped IP: 192.168.100.30
Port forwarding: enabled
External service port: 3389-3389
Map to Port: 3389-3389

POLICY
From: wan1
To: vlan100
Source: all
Destination: RDPvirtualIP
NAT: disabled

In the logs I can see the PC outside that is trying to connect; it is not being blocked, but it doesn't work. I placed the policy at the top of the rules, but that didn't work either.

Run the flow trace if the sniff doesn't make the problem obvious to find:

diag debug reset
diag debug enable
diag debug flow show console enable
diag debug flow show function-name enable
diag debug flow filter addr w.x.y.z   --again, use the public IP of the incoming client
diag debug flow filter port 3389
diag debug flow trace start 5000
diag debug flow trace stop
diag debug flow filter clear
diag debug reset
diag debug disable

If you perform a find/replace on the External IP that appears in the output, as well as the client IP, then you can still mask their real values and post the output to this chat thread.

But the IP is correct.
The FortiGate recognizes subsequent packets to belong to the existing session. Does the sniff show the packets leaving towards the server?

In that image are all the logs that were shown to me, nothing more. I also uninstalled the antivirus to check, and the remote desktop connection also fails.

See if it's related to the source IP of the request, or source OS version (newer or older version of Remote Desktop), or else the wrong gateway in the host routing table.

The server pings the FortiGate vlan 10 interface and vice versa. The gateway is the IP of the VLAN 10 interface on the FortiGate, since it is the one doing the inter-VLAN routing. The route print shows the same gateway as the Ethernet adapter properties. I checked whether Windows Firewall was turned on, and it is already off. The Windows logs are not showing any problem; they show only the LAN RDP sessions that I did myself inside the LAN. I installed Wireshark on the server and tried to monitor, but no communications related to the RDP process are shown. I did another test on a PC instead of the server and the same problem occurs.

Is this the only policy with all as the service? Did you upgrade to V5.2.x? If yes to both the prior questions, did you alter the All service from protocol 6 to protocol 0?

On the firewall rule, set the source IP to the outside IP/network belonging to the outside PC. Don't know if you really want to expose the RDP port on your server to outside elements; maybe change the outside port mapping to 63389 (or something) and source IP.

Rather think that there's some routing or other issues after the FortiGate. If you try the source NAT as I asked earlier we will probably sort that issue out :).
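
The find/replace masking suggested in the thread, as an added example that is not part of the original posts: it replaces every non-RFC1918 IPv4 address in a saved flow trace with a stable label, so the DNAT mapping stays readable while the public addresses are hidden. The function name `mask_trace`, the labels and the sample trace lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the general shape of "diag debug flow" output; the
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_TRACE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=4368 msg="vd-root received a packet(proto=6, 198.51.100.7:51515->203.0.113.10:3389) from wan1. flag [S], seq 1234, ack 0, win 8192"
id=20085 trace_id=1 func=fw_pre_route_handler line=182 msg="VIP-192.168.100.30:3389, outdev-wan1"
id=20085 trace_id=1 func=__ip_session_run_tuple line=2520 msg="DNAT 203.0.113.10:3389->192.168.100.30:3389"
'''

# Dotted quads that are not part of a longer dotted/numeric token.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Internal ranges are kept as-is so the mapped IP stays visible to helpers.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def mask_trace(text, labels=None):
    """Mask public IPv4 addresses consistently; return (masked_text, mapping).

    labels maps known addresses to readable names (for example the VIP's
    external IP). Any other public address becomes PUBLIC-1, PUBLIC-2, ...
    in order of first appearance, so the same host keeps the same label.
    """
    mapping = dict(labels or {})
    counter = 0

    def repl(match):
        nonlocal counter
        raw = match.group(0)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ipaddress.AddressValueError:
            return raw  # not a valid address (e.g. 999.999.999.999)
        if any(addr in net for net in RFC1918):
            return raw
        if raw not in mapping:
            counter += 1
            mapping[raw] = f"PUBLIC-{counter}"
        return mapping[raw]

    return IPV4_RE.sub(repl, text), mapping


if __name__ == "__main__":
    masked, mapping = mask_trace(SAMPLE_TRACE, {"203.0.113.10": "EXTERNAL-IP"})
    print(masked)
    print(mapping)  # keep this mapping private; it reverses the masking
```
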