DanSmir

Fortigate 50B (Can't activate/enable custom service "PORT")

Hello Experts,

I have a very strange issue with Fortigate 50b IPS.
I have a Kerio Connect mail server in my company. Yesterday I created a firewall policy for it with ports as explained; my problem is custom services/ports. I created an IMAPS/993 service/port and added it to the policy, but the firewall is dropping it. Actually the firewall drops all custom services/ports I made. Predefined services/ports work well.

Ideas? Why do custom services/ports not work?
Please help.
Thank you,
Dan


Service (default port)      Outgoing connection    Incoming connection
SMTP (25)                   allow                  allow
SMTPS (465)                 allow                  allow
SMTP Submission (587)[a]    allow                  allow
POP3 (110)                  allow                  deny
POP3S (995)                 allow                  allow
IMAP (143)                  allow                  deny
IMAPS (993)                 allow                  allow
NNTP (119)                  allow                  deny
NNTPS (563)                 allow                  allow
LDAP (389)                  allow                  deny
LDAPS (636)                 allow                  allow
HTTP (80, 4040, 8800)       allow                  deny
HTTPS (443, 4040, 8443)     allow                  allow

chakko

When you create the custom port (service), what do you put for the source port config? You should leave them at 1-65535.
Is that what you did?

DanSmir (ASKER)

Chakko, nnnno, see attached.

ASKER CERTIFIED SOLUTION
chakko

This solution is only available to members.

DanSmir (ASKER)

Firewall should listen to some specific external port and redirect it to internal, not to a range? Am I wrong?

DanSmir (ASKER)

CHAKKO

Oh god, it is so strange man, but you're right :)

Thank you!!!

DanSmir (ASKER)

Thank you!!!

Do you want a connection from the internet (POP3) TCP 110 to come into your firewall and then go to your Kerio mail server?

You need to create a Virtual IP setup for that and use that Virtual IP in your firewall rule. In the Virtual IP setup you specify the port. Then in the firewall rule you can leave ANY for the service or use your custom service (port), but since the Virtual IP setup specifies the port already, the firewall rule can use ANY.

DanSmir (ASKER)

CHAKKO,

Thanks man, but Virtual IP is configured, that was the easiest thing. I had a problem only with services/ports.

Thanks again.
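
The source port advice from this thread (leave it at 1-65535), as an added example that is not part of the original posts and not Fortinet code: a Python check that reads `config firewall service custom` text and flags custom services whose source port range is narrower than 1-65535. The service names and config text are constructed, and the parser assumes the FortiOS `tcp-portrange` form `dst[-dst][:src[-src]]`.

```python
import re

FULL = (1, 65535)  # source range assumed when a spec has no ":src" part

# Constructed sample; the service names are hypothetical.
SAMPLE = """
config firewall service custom
    edit "IMAPS-src-pinned"
        set tcp-portrange 993-993:993-993
    next
    edit "IMAPS"
        set tcp-portrange 993-993:1-65535
    next
end
"""

def _rng(text):
    """'993' -> (993, 993); '1-65535' -> (1, 65535)."""
    lo, _, hi = text.partition("-")
    return int(lo), int(hi or lo)

def parse_services(config):
    """Return {service name: [(dst_range, src_range), ...]}."""
    services, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            name = m.group(1)
            services[name] = []
        elif name and line.startswith("set tcp-portrange"):
            for spec in line.split()[2:]:
                dst, _, src = spec.partition(":")
                services[name].append((_rng(dst), _rng(src) if src else FULL))
    return services

def matches(entries, src_port, dst_port):
    """True if a connection's source and destination ports fit any entry."""
    return any(d[0] <= dst_port <= d[1] and s[0] <= src_port <= s[1]
               for d, s in entries)

def narrowed_source(services):
    """Names of services that restrict the client's source port."""
    return sorted(n for n, e in services.items()
                  if any(s != FULL for _, s in e))

if __name__ == "__main__":
    svc = parse_services(SAMPLE)
    # A mail client connects from an ephemeral source port to destination 993.
    for name, entries in svc.items():
        print(name, "matches 51514 -> 993:", matches(entries, 51514, 993))
    print("narrowed source range:", narrowed_source(svc))
```

A service that pins the source port to 993 never matches real client traffic, because clients connect from ephemeral source ports, so the policy that uses it drops the connection.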