mimran
Staff
Article Id 407586
Description This article describes the steps to add additional TCP/UDP ports to a child ISDB object.
Scope FortiGate
Solution

When modifying an ISDB object to add additional TCP/UDP ports using the CLI, if the changes are not reflected and the execution of the commands does not show any errors, it is likely that the ISDB object is linked to a parent object. To apply the changes to the child object, you need to modify the parent ISDB object. The changes will then automatically be reflected in the child object.

The following example modifies the Microsoft-Azure.Front.Door (327993) ISDB object so that it uses TCP/UDP ports 80 and 443 only. Make the changes in the parent ISDB object, Microsoft-Azure (327786), and then refresh the ISDB from the CLI so that the changes are reflected in the child object.

  1. Add the custom ports in the parent ISDB:

config firewall internet-service-addition
    edit 327786
        config entry
            edit 1
                set protocol 6
                config port-range
                    edit 1
                        set start-port 443
                        set end-port 443
                    next
                    edit 2
                        set start-port 80
                        set end-port 80
                    next
                end
            next
            edit 2
                set protocol 17
                config port-range
                    edit 1
                        set start-port 443
                        set end-port 443
                    next
                    edit 2
                        set start-port 80
                        set end-port 80
                    next
                end
            next
        end
    next
end

  2. Refresh the ISDB:

execute internet-service4 refresh

  3. Verify the changes made in the parent ISDB and the child ISDB:

diagnose internet-service id 327993
diagnose internet-service id 327786
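
The parent entry from step 1 can also be checked offline against a configuration backup, since the custom ports live only under the parent ID. The following is an added example, not Fortinet code: `render`, `parse`, `missing_ports` and the `DRIFTED` sample are hypothetical names constructed here, and the parser assumes the backup lists `start-port` before `end-port`, as in step 1.

```python
# Added example, not Fortinet code: render and audit a block shaped like step 1.
PARENT_ID = 327786                      # Microsoft-Azure, from the article
WANTED = {6: {80, 443}, 17: {80, 443}}  # protocol 6 = TCP, 17 = UDP

def render(isdb_id, ports_by_proto):
    """Emit the CLI block for one ISDB ID, one single-port range per port."""
    out = ["config firewall internet-service-addition", f"edit {isdb_id}", "config entry"]
    for n, (proto, ports) in enumerate(sorted(ports_by_proto.items()), 1):
        out += [f"edit {n}", f"set protocol {proto}", "config port-range"]
        for i, port in enumerate(sorted(ports), 1):
            out += [f"edit {i}", f"set start-port {port}", f"set end-port {port}", "next"]
        out += ["end", "next"]
    out += ["end", "next", "end"]
    lines, depth = [], 0
    for cmd in out:                     # indent the way the article shows it
        depth -= cmd in ("end", "next")
        lines.append("    " * depth + cmd)
        depth += cmd.split()[0] in ("config", "edit")
    return "\n".join(lines)

def parse(text):
    """Return {isdb_id: {protocol: {(start, end), ...}}} from a config excerpt."""
    result, stack, isdb_id, ranges, start = {}, [], None, None, None
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] == "config":
            stack.append(tok[-1])
        elif tok[0] == "end":
            del stack[-1:]              # tolerate an excerpt that starts mid-section
        elif stack[:1] != ["internet-service-addition"]:
            continue                    # some other section of the backup
        elif tok[0] == "edit" and len(stack) == 1:
            isdb_id = int(tok[1])
        elif tok[:2] == ["set", "protocol"]:
            ranges = result.setdefault(isdb_id, {}).setdefault(int(tok[2]), set())
        elif tok[:2] == ["set", "start-port"]:
            start = int(tok[2])
        elif tok[:2] == ["set", "end-port"]:
            ranges.add((start, int(tok[2])))
    return result

def missing_ports(text, isdb_id, wanted):
    """Per protocol, the wanted ports that no configured range covers."""
    have = parse(text).get(isdb_id, {})
    return {proto: {p for p in ports
                    if not any(lo <= p <= hi for lo, hi in have.get(proto, ()))}
            for proto, ports in wanted.items()}

# Constructed sample: UDP 80 was left out of the parent's addition entry.
DRIFTED = render(PARENT_ID, {6: {80, 443}, 17: {443}})
```

`missing_ports(DRIFTED, PARENT_ID, WANTED)` reports UDP 80 as missing. The child object itself is still verified on the device with the diagnose commands in step 3.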