By default, FortiGate units do not accept remote administrative access except by HTTPS connections on TCP port 443 to the default internal network interface for that FortiGate model. Restricting administrative access by default helps to ensure that only you can change your firewall policy and other security configurations. It also improves security of the FortiGate unit itself by reducing the number of ports that potential attackers can discover by network probes and port scans, a common method of discovering open ports for denial of service (DoS) attacks.
TCP port 113 (Ident/Auth) is an exception to this rule. By default, FortiGate units receiving an ident request on this port respond with a TCP RST, which resets the connection. This prevents delay that would normally occur if the requesting host were to wait for the connection attempt to time out.
This port is less commonly used today. If you do not use this service, and you prefer to make your FortiGate unit invisible to probes, you can disable TCP RST responses to ident requests and subject those requests to firewall policies, and thereby close this port.
|Steps or Commands||
To disable TCP RST responses to ident/auth requests