Technical Tip: Confirming open ports on network device

To determine if a port is open for a configured VIP (Virtual IP address) object or a Firewall Internet IP address, conduct a network port test using the following methods:

1. Use online port checkers, such as CanYouSeeMe or Ping.eu, to test if the port is open and accessible from the internet.
   
   
    

   

2. Use the telnet command: Open a command prompt or terminal and type telnet public_ip port_number 
   Replace public_ip with the external IP address and port_number with the port opened or needed to be checked. If the connection is successful, the port is open.
   
   Telnet is sometimes not installed on Windows devices by default. It is possible to use PowerShell instead.
   The command would be tnc public_ip -p port_number.
   
   For an explanation of how telnet features can be installed on Windows machines, see Easy Ways to Enable Telnet Client in Windows 11 / 10 / 8 / 7.
   
   Note: Telnet only supports TCP; it is not recommended to use Telnet to verify if a UDP port is open on an interface such as 500/4500 (IKE).
   
   
3. Use Nmap: Nmap needs to be installed, run nmap -p port_number public_ip. This will show if the port is open or closed.
4. Perform local testing: If testing locally within the network, use netstat or similar tools to verify if the port is listening.

On the FortiGate, it is possible to view the listening ports by using the commands in this article:
Technical Tip: Interpreting TCP Ports FortiGate Listens On from the Output of diagnose sys tcpsock