HOWTO: Configure your Fortinet Firewall

This page guides you through configuring a Fortinet firewall to get the best performance out of Reemo and to allow you and your users to establish a direct UDP connection with Reemo.

Get started

To get started, log in to the firewall's web administration console.

Firewall Objects

Under Firewall Objects, open the Address > Addresses menu

Add a new Address for Turn1 Reemo Server

  • Name : Reemo_TURN1

  • Type : FQDN

  • FQDN: turn1.reemo.io


Add a new Address for Turn2 Reemo Server

  • Name : Reemo_TURN2

  • Type : FQDN

  • FQDN: turn2.reemo.io


Add a new Address for Signal Reemo Server

  • Name : Reemo_Signal

  • Type : FQDN

  • FQDN: signal.reemo.io


Services

Under Firewall Objects, open the Service menu

Add a new Service for Reemo UDP443

  • Name : Reemo_UDP443

  • Service type : Firewall

  • Protocol Type : TCP/UDP/SCTP

  • Protocol: UDP

  • Destination Port Low : 443


Add a new Service for Reemo Protocol IN

  • Name : Reemo_Protocol_in

  • Service type : Firewall

  • Protocol Type : TCP/UDP/SCTP

  • Protocol: UDP

  • Destination Port Low : 58200

  • Destination Port High : 58400


Add a new Service for Reemo Protocol OUT

  • Name : Reemo_Protocol_out

  • Service type : Firewall

  • Protocol Type : TCP/UDP/SCTP

  • Protocol: UDP

  • Destination Port Low : 1024

  • Destination Port High : 65535

  • Source Port Low : 58200

  • Source Port High : 58400


Common Policy

Under Policy, add a new Policy for the TURN Servers

  • Policy Type : Firewall

  • Policy Subtype : address

  • Source Address : LAN

  • Destination Address : Reemo_TURN1 , Reemo_TURN2

  • Service : Reemo_UDP443 , Reemo_Protocol_in

  • Action : ACCEPT

If you have a recent Fortinet, enable the Preserve Source Port option.

Add a new Policy for the Signal Servers

  • Policy Type : Firewall

  • Policy Subtype : address

  • Source Address : LAN

  • Destination Address : Reemo_Signal

  • Service : HTTPS

  • Action : ACCEPT


Policy - Reemo Side


Add a new Policy

  • Policy Type : Firewall

  • Policy Subtype : address

  • Source Address : LAN

  • Destination Address : any

  • Service : Reemo_Protocol_out

  • Action : ACCEPT

If you have a recent Fortinet, enable the Preserve Source Port option.

Policy - Overview

[Screenshot: overview of the Reemo-side policies]

Policy - Browser Side


Add a new Policy

  • Policy Type : Firewall

  • Policy Subtype : address

  • Source Address : LAN

  • Destination Address : any

  • Service : Reemo_Protocol_in

  • Action : ACCEPT

If you have a recent Fortinet, enable the Preserve Source Port option.

Policy - Overview

[Screenshot: overview of the browser-side policies]