FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
frottier
Staff
Staff
Description
FortiOS proposes several services such as SSH, WEB access, SSL VPN, IPsec VPN.  There is a CLI command and an option in the GUI which will display all ports that are offering a given service.

Solution
In the CLI type the following command:
#diagnose sys tcpsock | grep 0.0.0.0

0.0.0.0:709->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1000->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1001->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1002->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1003->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1004->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1005->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1006->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:80->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1011->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1012->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:53->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1013->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:22->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1014->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:23->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1015->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1016->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1017->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1018->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:2650->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:443->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1019->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:7900->0.0.0.0:0->state=listen err=0 sockflag=0x2 rma=0 wma=0 fma=0 tma=0
0.0.0.0:1020->0.0.0.0:0->state=listen err=0 sockflag=0x8 rma=0 wma=0 fma=0 tma=0
0.0.0.0:541->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0

Open ports can also be enabled and viewed via the GUI:

Activate the Local In Policy view via System > Config > Features, Toggle on Local In Policy in the Show More menu.

frottier_FD39969_tn_FD39969-1.jpg
Go to Policy & Objects > Local In and there is a overview of the active listening ports.

frottier_FD39969_tn_FD39969-2.jpg

Related Articles

Technical Note: Traffic Types and TCP/UDP Ports used by Fortinet Products

Contributors