Technical Tip: How to customize FortiGate protocol options for applications that use non-standard ports
| Description | This article explains how to customize FortiGate protocol options using the GUI and CLI if applications that need to be inspected are using non-standard ports. |
| Scope | All supported versions of FortiOS. |
| Solution | Note: For the purpose of this article, the SMTP port will be changed to a non-standard TCP port of 2525.
Below are the necessary configuration steps if using the FortiGate GUI:
1. Go to Policy & Objects -> Protocol Options and select 'Create New'. (The default profile is read-only.)
2. On the 'New Protocol Options' page, enter a name for the new profile in the 'Name' field, and add any comments in the 'Comments' field if required. For the purpose of this article, the new profile will be named 'Test', and a comment of 'Change SMTP port to 2525' will be entered.
3. In the 'Protocol Port Mapping' section, in the port field for the 'SMTP' protocol, change the port from the standard port of '25' to the non-standard port of '2525' and select 'OK' to save the change.
Note: For the change to take effect, the newly created Protocol Options profile will need to be configured on a firewall policy:
Go to Policy & Objects -> Firewall Policy and either edit an existing firewall policy or create a new one. In the 'Firewall/Network Options' section, click in the field next to 'Protocol Options', select the newly created profile from the drop-down list, and select 'OK' to save the change.
Note: Protocol Options are VDOM-specific, so ensure that the configuration is performed in the required VDOM if VDOMs are enabled.
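Below are the necessary configuration commands to create the profile if using the FortiGate CLI. Replace <vdom_name> with the required VDOM; if VDOMs are not enabled, omit the 'config vdom' and 'edit <vdom_name>' lines and the final 'end':

    config vdom
        edit <vdom_name>
            config firewall profile-protocol-options
                edit "Test"
                    config smtp
                        set ports 2525
                    end
                next
            end
    end
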
The following are the necessary configuration commands to add the newly created protocol options profile to a firewall policy if using the FortiGate CLI:
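
    config vdom
        edit <vdom_name>
            config firewall policy
                edit <policy_id>
                    set profile-protocol-options "Test"
                next
            end
    end

Replace <vdom_name> and <policy_id> with the required VDOM and the ID of the firewall policy. |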
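The notes above say the port change only takes effect on policies that reference the new profile. The following added example (not from the article or from Fortinet) checks this in a configuration backup by listing the policies whose Protocol Options profile does not map SMTP to the expected port. The sample configuration and function names are constructed for illustration, and the parser assumes a single-VDOM excerpt with no multi-line values.

```python
import shlex
# Constructed excerpt of a FortiOS backup (single VDOM), not from the article.
SAMPLE = '''
config firewall profile-protocol-options
    edit "default"
        config smtp
            set ports 25
        end
    next
    edit "Test"
        config smtp
            set ports 2525
        end
    next
end
config firewall policy
    edit 1
        set profile-protocol-options "Test"
    next
    edit 2
        set profile-protocol-options "default"
    next
end
'''

def parse(text):
    """Turn nested config/edit/set/next/end lines into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok and tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
        elif tok and tok[0] in ("next", "end"):
            stack.pop()
    return stack[0]

def policies_missing_port(text, port="2525"):
    """List (policy id, profile) pairs whose profile does not map SMTP to port."""
    cfg = parse(text)
    profiles = cfg.get("firewall profile-protocol-options", {})
    missing = []
    for pid, pol in cfg.get("firewall policy", {}).items():
        name = pol.get("profile-protocol-options", [None])[0]
        if port not in profiles.get(name, {}).get("smtp", {}).get("ports", []):
            missing.append((pid, name))
    return missing

print(policies_missing_port(SAMPLE))
```

Any policy reported here still inspects SMTP only on the ports of its current profile, so mail traffic on the non-standard port passes that policy without SMTP inspection.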




