FortiGate
btey
Staff
Description
This article discusses:

- The use of TCP/8900 on FortiGate.
- How to show the listening port and the related configuration on FortiGate.
- How to disable port TCP/8900.

Solution
FortiGate listens on port TCP/8900 when it is configured with VPN IPSEC FortiClient to distribute VPN settings to FortiClients.

To check if the firewall is configured with VPN IPSEC FortiClient:
# show vpn ipsec forticlient
To show the listening port TCP/8900 on FortiGate:
# diagnose sys tcpsock | grep 8900
Sample output:
0.0.0.0:8900->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
To disable port TCP/8900 (only if distribution of VPN settings to authenticated FortiClient installations is not required):
# config vpn ipsec forticlient
    delete <realm name>
end
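
To verify the change from saved CLI captures, this added example (not Fortinet code) parses `diagnose sys tcpsock` output in the format of the sample line above and matches the local port field exactly, because `grep 8900` also matches lines such as a listener on port 18900. The function names and the extra sample lines are assumptions constructed for illustration.

```python
import re

# Line format taken from the sample output above:
#   <local ip>:<port>-><remote ip>:<port>->state=<state> ...
SOCK_RE = re.compile(
    r"^(?P<local>[\d.]+):(?P<lport>\d+)->"
    r"(?P<remote>[\d.]+):(?P<rport>\d+)->state=(?P<state>\w+)"
)

# First line is the article's sample output; the other two are constructed.
SAMPLE_BEFORE = """\
0.0.0.0:8900->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:18900->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:443->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
"""

# Constructed capture, as it would look once the 8900 listener is gone.
SAMPLE_AFTER = """\
0.0.0.0:18900->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
0.0.0.0:443->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
"""

def parse_tcpsock(text):
    """Return one dict per socket line; lines in another format are skipped."""
    socks = []
    for line in text.splitlines():
        m = SOCK_RE.match(line.strip())
        if m:
            socks.append({"local": m["local"], "lport": int(m["lport"]),
                          "remote": m["remote"], "rport": int(m["rport"]),
                          "state": m["state"]})
    return socks

def listeners_on(text, port=8900):
    """Sockets in listen state whose local port equals `port` exactly."""
    return [s for s in parse_tcpsock(text)
            if s["state"] == "listen" and s["lport"] == port]

def port_status(before, after, port=8900):
    """Compare captures taken before and after the configuration change."""
    if listeners_on(after, port):
        return "still listening"
    return "closed" if listeners_on(before, port) else "was not listening"

if __name__ == "__main__":
    print(listeners_on(SAMPLE_BEFORE))
    print(port_status(SAMPLE_BEFORE, SAMPLE_AFTER))
```

A local address of 0.0.0.0 in the result means the listener is bound to all addresses, as in the article's sample output.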
Related document:
https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/227667/vpn-ipsec-forticlient


Related Articles

Technical Note: Traffic Types and TCP/UDP Ports used by Fortinet Products