Technical Tip: Firewall - Customize default service ports
Description
This article describes the option that allows the default service port range to be customized from CLI.
Solution
- Before version 6.2.0, the default service port range is 1-65535, so when a client generates traffic with source port 0, the traffic is not allowed by FortiGate.
- With the introduction of the command 'default-service-source-port', a new service port range can be set that starts at 0 and ends at 65535.
# sh fu | grep default-service-
set default-service-source-port 1-65535
- The minimum value can be as low as 0 and the maximum value as high as 65535.
# config system global
set default-service-source-port <port range>
end
Where <port range> is the new default service port range.
Note:
This change takes effect for the TCP and UDP protocols.
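An added example, not part of the original article: a Python check for saved configuration text that reads 'default-service-source-port' from 'config system global' and reports whether source port 0 falls inside the range. The sample configurations are constructed, the function names are hypothetical, and treating a missing setting as 1-65535 is an assumption based on the default shown in the 'sh fu' output above.

```python
import re

# Assumption: an unset value equals the default shown in the article's output.
DEFAULT_RANGE = (1, 65535)

def parse_source_port_range(config_text):
    """Return (low, high) from 'config system global', or the default if unset."""
    in_global, depth = False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_global:
            in_global = line == "config system global"
            continue
        if line.startswith("config "):
            depth += 1            # nested block: ignore its settings
        elif line == "end":
            if depth == 0:
                break             # end of 'config system global'
            depth -= 1
        elif depth == 0:
            m = re.fullmatch(r"set default-service-source-port (\d+)-(\d+)", line)
            if m:
                low, high = int(m.group(1)), int(m.group(2))
                # The article gives 0 as the minimum and 65535 as the maximum.
                if not (0 <= low <= high <= 65535):
                    raise ValueError(f"invalid port range: {low}-{high}")
                return low, high
    return DEFAULT_RANGE

def audit(config_text):
    """Summarise the range and whether traffic with source port 0 matches it."""
    low, high = parse_source_port_range(config_text)
    return {"range": f"{low}-{high}", "source_port_0_matches": low <= 0 <= high}

# Constructed sample inputs (not taken from a real device).
SAMPLE_DEFAULT = """config system global
    set hostname "lab-fw"
    set default-service-source-port 1-65535
end
"""
SAMPLE_CUSTOM = SAMPLE_DEFAULT.replace("1-65535", "0-65535")

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("custom", SAMPLE_CUSTOM)):
        print(name, audit(text))
```
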
