Cybersecurity Forum


wajih
New Contributor

How to block port scanning with FortiWeb?

Hi Guys,

My customer wants to block port scanning with his FortiWeb (to protect his website). Can FortiWeb do that? Any ideas, please?

Best Regards,

Wajih

1 Solution
jwhite_FTNT
Staff

Wajih,

Blocking port scanning is a network rule set, and the options will depend on how FortiWeb is deployed. The best option would be to place a FortiGate in front of the environment, but FortiWeb does have a basic integrated firewall that can be used to block any used data ports. The FWB network firewall is just not as robust, and does not have the same rule options, as a true network firewall like a FortiGate. NOTE: The FWB network firewall is a newer feature, so your customer may need to perform a firmware upgrade if this option is not showing up as available. Help reference for this setting: http://help.fortinet.com/fweb/570/index.htm#cshid=firewall_service

Jim

From: wajih ELMJENDEL via waf.pub [mailto:waf.pub@fuse-lists.fortinet.com]
Sent: Tuesday, March 07, 2017 1:10 PM
To: waf.pub@fuse-lists.fortinet.com
Subject: [waf.pub] - how to block port scanning with fortiweb ?


Hi Guys,

My customer wants to block port scanning with his FortiWeb (to protect his website). Can FortiWeb do that? Any ideas, please?

Best Regards,

Wajih

-----End Original Message-----

4 REPLIES
wajih

Thank you, Jim, for your response, so we can block port scanning!!

wajih

wajih

Jim, the goal is to block or stop external probes on port 80 or 443.

Wajih

jwhite_FTNT

Blocking port scans would be an option on a gateway firewall, to help prevent a source from scanning a single IP or network range to see which services are running within that target IP/network. After they run a port scan, they often follow up with a service probe to see what is running on the identified services. I suspect you are talking about blocking this second phase, where the WAF blocks a source from scanning a web service. Behaviors like those of spiders/crawlers can be identified and blocked using the FortiWeb Advanced Rules. They match on multiple conditions and then take an action. There are some predefined policies that you can use or clone to customize. These rules are very flexible and should meet your match condition requirements.

Reference Help Article: http://help.fortinet.com/fweb/570/index.htm#cshid=advanced_access_rule

Let us know if this does not meet your customer’s request/requirements.

Kind Regards,

Jim

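
The "match on multiple conditions, then take an action" idea from Jim's second reply above, shown as an added Python example that is not part of the thread and is not FortiWeb's rule engine. The log format, the two conditions, the thresholds and all function names are assumptions chosen for illustration; the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined-log-style line: ip, timestamp, request path, response status.
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')
WINDOW_SECONDS = 10    # hypothetical thresholds; tune to the site's normal traffic
MIN_REQUESTS = 5       # condition 1: request rate from one source
MIN_DISTINCT_404 = 4   # condition 2: distinct paths answered with 404

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m[2], "%d/%b/%Y:%H:%M:%S %z")
    return m[1], ts, m[3], int(m[4])

def sources_to_block(lines):
    """Return {ip: time the rule first matched} for sources meeting BOTH conditions."""
    recent = defaultdict(deque)  # ip -> (ts, path, status) entries inside the window
    blocked = {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[0] in blocked:
            continue             # skip malformed lines and already-blocked sources
        ip, ts, path, status = rec
        win = recent[ip]
        win.append((ts, path, status))
        while (ts - win[0][0]).total_seconds() > WINDOW_SECONDS:
            win.popleft()        # drop entries older than the window
        distinct_404 = {p for _, p, s in win if s == 404}
        if len(win) >= MIN_REQUESTS and len(distinct_404) >= MIN_DISTINCT_404:
            blocked[ip] = ts     # the "action": here, just record the decision
    return blocked

def _line(ip, sec, path, status):  # builds one constructed sample log line
    return (f'{ip} - - [07/Mar/2017:13:{sec // 60:02d}:{sec % 60:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 0')

SAMPLE = (
    # probing source: 5 requests in 4 s, 4 distinct paths answered 404
    [_line("203.0.113.7", 0, "/", 200)]
    + [_line("203.0.113.7", s, f"/nonexistent-{s}", 404) for s in range(1, 5)]
    # busy but legitimate client: high rate, no 404s (fails condition 2)
    + [_line("198.51.100.20", s, f"/img/{s}.png", 200) for s in range(6)]
    # slow client: 404s, but one per minute (fails condition 1)
    + [_line("192.0.2.50", 60 * s, f"/old/{s}", 404) for s in range(5)]
    + ["malformed line"]
)

if __name__ == "__main__":
    for ip, when in sources_to_block(SAMPLE).items():
        print(f"block {ip} (rule matched at {when:%H:%M:%S})")
```

Requiring both conditions is what keeps the busy client and the slow client out of the block list; either condition alone would flag one of them.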