Skip to main content
Techguy217
Techguy217
New Member
July 18, 2023
Question

Port 8013 for Forticlient

  • July 18, 2023
  • 3 replies
  • 9271 views

I have a couple questions in regards to the 8013 being open in fortigate for forticlient telemetry.

 

1. Should we have that open all of the time? That seems like a huge risk.

2. We did not have it always open before but recently, users are losing the remote access tab in forticlient when the 8013 policy is not enabled. If we enable it, the remote access tab immediately shows. 

3. The users have all connected to the vpn within the last week and we have the license removal set to max 90 days. 

 

Any ideas why this is happening all of a sudden?

3 replies

A
Anonymous_User
New Contributor III
July 19, 2023

Greetings of the day!


Port 8013 is used by FortiClient connecting to Security Fabric (FortiClient Telemetry).

FortiClient is checking if the gateway is a FortiGate, and if yes, it would try to connect to report some information (if FortiGate expects/allows this), so FortiGate would offer greater visibility of connected endpoints.


( references: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/529217

https://docs.fortinet.com/document/forticlient/7.2.0/ems-quickstart-guide/439480/required-services-and-ports ).


This port is opened automatically and I believe it can't be disabled ( you can close it using a local-in policy: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-open-ports/ta-p/189671 ).

It is required to be open (the port number can be customized, but a port needs to be open for FCT Telemetry) if you use the EMS. If you want to restrict access to this port for future use you'd have to restrict this to your endpoint IPs (which could be difficult as their IPs might be changing frequently).

Please check the below link for the open ports:- 

https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/303168/fortigate-open-ports

 

 

Regards

Priyanka

Techguy217
Techguy217Author
New Member
July 19, 2023

The problem is that we can disable the 8013 policy on our fortigate, and all of our forticlients do not lose the remote access, EXCEPT for people on 7.0.2 version of forticlient. All other versions stay connected fine and do not lose the remote access tab. 

 

It's like the 7.0.2 version is losing it's telemetry connection when the 8013 firewall policy is disabled, but all other versions don't lose the connection.

A
Anonymous_User
New Contributor III
July 20, 2023

Greetings of the day!

 

This could be because of the ZTNA implementation from 7. x onwards. In ZTNA telemetry sync is the key with EMS.

 

Regards

Priyanka

 

Techguy217
Techguy217Author
New Member
July 21, 2023

I'm still confused because this is only happening to our end users on 7.0.2. All versions after 7.0.2 can connect fine to the vpn without the firewall policy for 8013 on. It's like it's a telemetry bug with 7.0.2 only.

spicecourt
spicecourt
New Member
July 21, 2023

Keep in mind though that telemetry is also how you manage the client, so any configuration changes, your client would need to connect via VPN or come into the office to receive those updates. Any vulnerable workstation can’t tell you until they are in (so you cant action based upon that knowledge), and updates can’t get pushed, etc.

Terms & ConditionsAccessibility statement