Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

YannN_Gu
New Contributor II

Anticipated TCP 3 handshake

Hello Guys;

This is my first post (so please don't be too hard on me)

We noticed a strange behavior with our FORTIGATE 100 E when trying to a NMAP to an external server outside our network.

It's seems that the FORTIGATE do  a TCP 3 way handshake with our internal PC  (inside our LAN) before sending the packet to the external server (and in this case the external server respond with a RST or doing the real 3 way handshake with the FORTIGATE)

we have this kind of behaviour when we scan TCP/2000 

We suspect the PROXY MODE and also the session helper, 

Did someone have any idea ??

Regards,
1 Solution
VinaPolu
Staff
Staff

Hi,

This is an expected behavior on any FireWall  when you do NMAP scan on TCP/2000 which is a SCCP port

TCP port 2000 as Skinny Client Call protocol (SCCP) traffic. SCCP is a Cisco proprietary protocol for VoIP.

So we do not recommend to do NMAP test on ports like(SCCP/SIP)  TCP 2000, TCP 5060, 5061




Technical Note: FortiGate is not forwarding TCP ports 5060, 5061 and 2000

https://kb.fortinet.com/kb/documentLink.do?externalID=FD36152

 

Technical Note: Disabling VoIP Inspection

https://kb.fortinet.com/kb/viewContent.do?externalId=FD36405&sliceId=1

 
Thanks,
Vinay

View solution in original post

2 REPLIES 2
VinaPolu
Staff
Staff

Hi,

This is an expected behavior on any FireWall  when you do NMAP scan on TCP/2000 which is a SCCP port

TCP port 2000 as Skinny Client Call protocol (SCCP) traffic. SCCP is a Cisco proprietary protocol for VoIP.

So we do not recommend to do NMAP test on ports like(SCCP/SIP)  TCP 2000, TCP 5060, 5061




Technical Note: FortiGate is not forwarding TCP ports 5060, 5061 and 2000

https://kb.fortinet.com/kb/documentLink.do?externalID=FD36152

 

Technical Note: Disabling VoIP Inspection

https://kb.fortinet.com/kb/viewContent.do?externalId=FD36405&sliceId=1

 
Thanks,
Vinay

YannN_Gu
New Contributor II

Hello,
Thanks Vinay