Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
shahv
Staff
Staff

Created on ‎05-26-2020 02:14 AM

Article Id 189671

Technical Tip: How to block open ports

Description
This article describes how to block open ports on the FortiGate.

Solution
Below are the ports/protocols that are opened by design.

Ports.
500 & 4500 - VPN
1144 - Fusion Script
3799 - RADIUS dynamic Auth
520 - RIP
3784 - BFD Control Protocol
Protocols.
2 - IGMP (Internet Group Management)
89 - OSPFIGP
112 - VRRP
103 - PIM (Protocol Independent Multicast)

For Example if the RIP protocol is not used , create a service for the specific port and create local in policy with corresponding service

From CLI.

To block any port, follow the below steps to add a local policy to deny traffic.

Create service with the port.
# config firewall service custom
    edit "RIP"
    set category "General"
    set udp-portrange 520
next
end
 Add the local policy.
# config firewall local-in-policy
    edit 1
        set intf "any"
        set srcaddr "all"
        set dstaddr "all"
        set service "RIP"
        set schedule "always"
    next
end
Local-in policies are used to close open ports or otherwise restrict access to FortiGate.

14567
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.