Skip to main content
JACKINLI
JACKINLI
Visitor III
March 11, 2024
Question

Questions about FortiGuard 8015 port exposure

  • March 11, 2024
  • 3 replies
  • 7132 views

We have such a problem now,

We are a branch company , when our headquarters company swept the public network IP and exposed ports, they swept to this port (8015).

So , we not want other public networks (except FortiGuard) can access our 8015 port.

Do you have any good suggestions or solutions ?

FortiGuard 

3 replies

AEK
SuperUser
AEK
SuperUser
March 11, 2024

Local-in policy is used for that purpose.

config firewall local-in-policy

However it doesn't support ISDB as source address, so the idea is to get the IP range or FQDN that you allow to access this port. You can open a ticket to ask Fortinet support to provide you with the FortiGuard related source addresses.

AEK
    JACKINLI
    JACKINLIAuthor
    Visitor III
    March 12, 2024

    OK , thanks , I have opened a case , but the reply there is relatively slow . They said the FortiGuard server does not have a specific address table.

    AEK
    SuperUser
    AEK
    SuperUser
    March 12, 2024

    Then you have 3 options:

    • Disable it as suggested by @hbac if you don't need it
    • Use local-in-policy with GeoIP address object to limit access to this port
    • Leave it open if the two above options are not possible
    AEK
      hbac
      Staff
      hbac
      Staff
      March 11, 2024

      Hi @JACKINLI,

       

      Port 8015 is used by the FortiGate to authenticate with FortiGuard when a https override request occurs in flow mode (FortiGuard web filter https override authentication). If you don't use that feature, you can disable it. Please refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Resolve-issue-web-filter-block-override-and/ta-p/193291

       

      Regards,

        JACKINLI
        JACKINLIAuthor
        Visitor III
        March 12, 2024

        Excuse me, when communicating with FortiGuard of Fortinet, can we set the policy of interacting with FortiGuard to a certain source address, such as does FortiGuard have a specific address table? 

        We will use this 8015 port , but we don't want the public network to scan this 8015 port . How can we do it ? If FortiGuard has a specific address table , it can be achieved.

        ZenSecure
        ZenSecure
        New Member
        April 8, 2024

        I find it disconcerting that these new "Features" happen with no notice or warning until they show up on a vulnerability scan or external audit.  For a security company the lack of change management and Q&A exhibited by Fortinet lately is extreme.  The solutions offered to this issue are not solutions, they are saying turn it off if it's not in use or change the port it's mapped to, which doesn't change the outcome.

        AEK
        SuperUser
        AEK
        SuperUser
        April 8, 2024

        Unfortunately this is IT, there must be bugs and vulnerabilities, and each time we need to find the best workaround until the fix is released.

        AEK
        Terms & ConditionsAccessibility statement