Port Forwards can have issues due to a variety of different factors such as the internal server blocking traffic, various network equipment not handling the requests properly, and misconfigured rules. Our ability to test them and troubleshoot issues requires viewing the traffic from the NGFW perspective as it attempts to reach the internal server(s), as well as from the testing client's perspective on what occurs.
How can I test them?
The two utilities best used in conjunction for this testing are telnet and a packet capture (packet test on the NGFW, under Config > Network > Troubleshooting). We will specify what incoming traffic to view based on the testing host's IP address, and the port it is attempting to enter on. Then, we will attempt a telnet connection to the specified External IP address on the specified port. Below is an example of testing a Port Forward on port 443, with both the packet capture results, as well as the telnet attempt.
NOTE: The IP addresses have been blacked out for security purposes.
Successful Telnet from Client:
Traffic from the Successful Connection: