Is it possible to send a magic packet (WOL) from a fortinet firewall? I read the manual but couldn't find anything, just wondering if anyone achieved something similar.
I'm connecting through an SSLVPN so would need some way of waking my computer up. Being that it is an SSLVPN I can't send the packet from my own desktop to the target machine I want to wake.
Any ideas?
I have no experience with Fortinet gear, but if WoL packet generation is unsupported by the router in question, the commonly taken approach would be to generate the packet on a different network and let it get routed to the destination. The generating host does not have to be your machine - it can be any host capable of sending packets to the destination network.
How to generate a WoL packet destined for a foreign network
WoL is quite protocol-agnostic, so basically any broadcast frame meeting the specific criteria would do. As you need the packet routed, the UDP protocol is the obvious choice - it is encapsulated in IP and thus routable, it is connectionless and thus broadcastable.
Generation of UDP WoL packets would require a utility which is able to craft a packet with a specific destination address. Many utilities available would just send a raw Ethernet frame to a local network so they would not meet the requirements.
For Linux, there is the wol utility which can do this. For Windows, Gammadyne's wol.exe would do pretty much the same.

You also would need to configure your Fortinet router accordingly using one of these choices:
1. Routing a directed broadcast packet
A "directed" broadcast would be a packet destined for a foreign IP subnet which would be addressed to that subnet's broadcast IP address and sent out as a broadcast by the last hop in the routing path. E.g.: your client subnet is 192.168.10.0/24, you would generate a WoL UDP packet to 192.168.10.255 and get it routed, your last routing hop would send it as a broadcast over the interface connected to the 192.168.10.0/24 network.
According to the reference documentation, the FortiOS command for enabling directed broadcast forwarding would be:

config system interface
    edit <interface_name>
        set broadcast-forward enable
    next
end
2. Using port forwarding to a broadcast address
If you definitely can't directly route to the destination for one reason or the other, creating a UDP port forwarding rule from the reachable interface at an arbitrary port to your designated network's broadcast IP address (e.g. 192.168.10.255) and an arbitrary destination port should get you what you wanted. Possible that you would need to set broadcast-forward to enable for this to work as well.

You may prefer to use a static ARP entry to solve this problem. Basically, you reserve an IP address for WOL purposes, create a static ARP entry for that IP with a MAC of FF:FF:FF:FF:FF:FF and you can then send a magic packet with any of your PC's MAC addresses to that special IP address. See this Fortinet KB article for details.
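Both answers above depend on the same routable UDP magic packet, whether it is sent to the directed broadcast address 192.168.10.255, to a port-forwarded address on the firewall, or to the reserved IP of the static-ARP approach. As an added example (not code from either poster or from Fortinet), this Python script builds the packet, sends it over UDP, and can also validate a received datagram so you can confirm what a forwarded packet would actually wake. The MAC, subnet and port are constructed sample values.

```python
import socket

def parse_mac(mac: str) -> bytes:
    """Accept '00:11:22:33:44:55', '00-11-22-33-44-55' or '001122334455'."""
    hexstr = mac.replace(":", "").replace("-", "").lower()
    if len(hexstr) != 12 or any(c not in "0123456789abcdef" for c in hexstr):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return bytes.fromhex(hexstr)

def build_magic_packet(mac: str) -> bytes:
    """Magic packet payload: six 0xFF bytes followed by the target MAC repeated 16 times (102 bytes)."""
    return b"\xff" * 6 + parse_mac(mac) * 16

def extract_wol_mac(payload: bytes):
    """Return the target MAC (lower-case, colon separated) if payload is a well-formed
    magic packet, else None. Trailing bytes (e.g. a SecureOn password) are tolerated."""
    if len(payload) < 102 or payload[:6] != b"\xff" * 6:
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:
        return None
    return ":".join(f"{b:02x}" for b in mac)

def send_wol(mac: str, target_ip: str, port: int = 9) -> int:
    """Send the magic packet as a routable UDP datagram to target_ip.
    target_ip may be the subnet's directed broadcast (e.g. 192.168.10.255), the
    firewall's port-forwarded address, or the reserved static-ARP IP.
    SO_BROADCAST is required for the broadcast case and harmless for unicast."""
    packet = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (target_ip, port))

if __name__ == "__main__":
    # Constructed sample values: replace with the real target MAC and subnet broadcast.
    sent = send_wol("00:11:22:33:44:55", "192.168.10.255", 9)
    print(f"sent {sent} bytes")
```

Run it from any host that can reach the destination subnet through the firewall; UDP port 9 (discard) is the conventional choice, but any port matching your forwarding rule works.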