mikeymouse
New Member
January 6, 2022
Solved

Port 8013 causing PCI compliance failure

Hi, relatively new to the world of PCI compliance as well as certificates and need some advice. A PCI scan continues to fail with the certificate connected with port 8013 being the issue. I cannot for the life of me find the service that runs on that port to either shut it off or correct the certificate issue. Any help is greatly appreciated.

Best answer by andrewbailey


3 replies

andrewbailey
New Member
January 6, 2022

Hi mikeymouse,

The ports used by FortiOS can be found on the documentation site here:

https://docs.fortinet.com/document/fortigate/7.0.0/fortios-ports/637075/incoming-ports

It lists port 8013 as being used by FortiClient for "Compliance and Security Fabric".

If you aren't using FortiClient (and don't plan to) then you should be able to turn this off via a change to the "local in" policy.

Again, there is some guidance on the documentation site here:

https://docs.fortinet.com/document/fortigate/7.0.3/administration-guide/363127/local-in-policies

I hope that's enough to help you resolve your issues!

Kind Regards,

Andy.

Debbie_FTNT
Staff & Editor
January 7, 2022

To elaborate on Andrew's response, if you don't use FortiClient or FortiAP, you can (depending on your FortiGate firmware version) disable either FortiTelemetry or Security Fabric (which is FortiTelemetry and CAPWAP bundled) on the interface(s). If you do use FortiAPs for wireless stuff, and only have the Security Fabric option, you can't disable it. In that case, a local-in policy as Andrew advised is your best option.

Cheers!

mikeymouse
New Member
January 7, 2022

Thanks, the local in policy solved my issue then. I appreciate the responses!
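
The local-in policy approach that resolved this thread, written out as FortiOS CLI. This is an added example, not a configuration posted by anyone in the thread; the interface name `wan1`, the service name `TCP-8013` and the policy ID `1` are assumptions to adapt to the interface the scanner reaches.

```fortios
# Added example. Assumed names: interface "wan1", service "TCP-8013", policy ID 1.

# Service object for the FortiClient listener on TCP 8013.
config firewall service custom
    edit "TCP-8013"
        set tcp-portrange 8013
    next
end

# Deny traffic addressed to the FortiGate itself on that port,
# on the interface the PCI scanner reaches.
# Use a policy ID that is not already in use on the device.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "TCP-8013"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

Re-run the PCI scan against the same interface afterwards to confirm that port 8013 no longer answers.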