FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ddsouza_FTNT
Staff
Staff
Article Id 198725
Description
This article describes how to forward NetBIOS requests to a WINS server connected to another subnet.

Scope
FortiGate or VDOM in NAT mode.

Solution
ddsouza_FD35077_denzil_2a.jpg

PC2 should be able to access PC1 located on another subnet by its NetBIOS name.
Policy is configured to allow the traffic from port2 to port1 subnet.

Open an SSH session to the FortiGate device and run the following commands to enable forwarding of NetBIOS requests to the WINS server 192.168.137.10.

config system interface
edit port2
set netbios-forward enable
set wins-ip 192.168.137.10
end

On PC2, ping PC1 by using its name and see whether NetBIOS name resolves to an ip address.

ddsouza_FD35077_denzil_2b.jpg

While starting a ping by using NetBIOS name from PC2 to PC1, take a sniffer or debug trace on the FortiGate to see if the traffic reaches and is forwarded out of port1.

id=20085 trace_id=419 func=resolve_ip_tuple_fast line=4310 msg="vd-root received a packet(proto=17, 192.168.80.20:137->192.168.80.255:137) from port2."
id=20085 trace_id=419 func=init_ip_session_common line=4438 msg="allocate a new session-02fc0729"
id=20085 trace_id=419 func=vf_ip4_route_input line=1599 msg="find a route: gw-192.168.137.10 via port1"
id=20085 trace_id=419 func=__iprope_tree_check line=534 msg="use addr/intf hash, len=2"
id=20085 trace_id=419 func=fw_forward_handler line=666 msg="Allowed by Policy-1:"
id=20085 trace_id=420 func=resolve_ip_tuple_fast line=4310 msg="vd-root received a packet(proto=17, 192.168.137.10:137->192.168.80.20:137) from port1."
id=20085 trace_id=420 func=resolve_ip_tuple_fast line=4348 msg="Find an existing session, id-02fc0729, reply direction"
id=20085 trace_id=420 func=vf_ip4_route_input line=1599 msg="find a route: gw-192.168.80.20 via port2"

ddsouza_FD35077_denzil_2c.jpg

Contributors