Created on 01-29-2010 05:00 AM Edited on 12-16-2021 02:54 PM By Anonymous
Description
When performing content inspection (Anti-Virus, URL or email filtering...), the FortiGate scans traffic on protocol port numbers defined in a protection profile. The default values for the TCP ports to scan are:

| HTTP | HTTPS | SMTP | POP3 | IMAP | NNTP | FTP |
|------|-------|------|------|------|------|-----|
| 80   | 443   | 25   | 110  | 143  | 119  | 21  |
Other non-standard port numbers can be added for each protocol.
Solution
To add a non-standard port in FortiOS v3.0, see KB article 10965 - Performing antivirus scanning non-standard TCP ports
This is a CLI example to add TCP port 8080 for HTTP, in FortiOS 4.0 and above:

    config firewall profile
        edit "a_protection_profile"
            config app-recognition
                edit "http"
                    set port 8080
                next
            end
        next
    end
Note about HTTPS: If your FortiGate unit supports SSL content scanning and inspection, you must set HTTPS Content Filtering Mode to "Deep Scan" before you can configure additional HTTPS ports. Refer to KB article FD31710, Technical Note: HTTPS Web URL Filtering or blocking, to see whether your FortiGate supports SSL inspection.
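To check that a profile really covers the ports your services use, the following Python script (an added example, not Fortinet code) parses a configuration backup in the form of the CLI example above and lists services whose TCP port is not scanned for their protocol. It assumes ports set under `app-recognition` are scanned in addition to the defaults, as this article describes; the `SERVICES` inventory and the function names are hypothetical.

```python
import re

# Default TCP ports per protocol, from the table in this article.
DEFAULT_PORTS = {"http": {80}, "https": {443}, "smtp": {25}, "pop3": {110},
                 "imap": {143}, "nntp": {119}, "ftp": {21}}

# Constructed sample: this article's CLI example as it would appear in a backup.
SAMPLE_CONFIG = """
config firewall profile
    edit "a_protection_profile"
        config app-recognition
            edit "http"
                set port 8080
            next
        end
    next
end
"""

# Constructed (hypothetical) inventory of services: (protocol, TCP port).
SERVICES = [("http", 80), ("http", 8080), ("http", 8000), ("smtp", 587)]

def scanned_ports(config_text, profile):
    """Return {protocol: ports} inspected by `profile`: defaults plus added ports."""
    ports = {proto: set(p) for proto, p in DEFAULT_PORTS.items()}
    blocks, entries = [], []   # open "config" blocks and open "edit" entries
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            blocks.append(line[len("config "):])
        elif line.startswith("edit "):
            entries.append(line[len("edit "):].strip('"'))
        elif line == "next" and entries:
            entries.pop()
        elif line == "end" and blocks:
            blocks.pop()
        elif (line.startswith("set port ") and len(entries) == 2 and entries[0] == profile
              and blocks == ["firewall profile", "app-recognition"]):
            ports.setdefault(entries[1].lower(), set()).update(
                int(p) for p in re.findall(r"\d+", line))
    return ports

def uninspected(services, ports):
    """Services whose port is not in the scanned set for their protocol."""
    return [(proto, port) for proto, port in services if port not in ports.get(proto, set())]

if __name__ == "__main__":
    covered = scanned_ports(SAMPLE_CONFIG, "a_protection_profile")
    print("Not inspected:", uninspected(SERVICES, covered))
```

Each service it reports is traffic that passes the FortiGate without content inspection until its port is added to the profile for that protocol.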
Related Articles
Performing antivirus scanning non-standard TCP ports
Technical Note: FortiGate HTTPS web URL filtering and HTTPS FortiGuard web filtering