FortiGate
nverma
Staff
Article Id 193969

Description

 

This article explains how to add custom ports and port ranges to predefined Internet Service Database (ISDB) entries.

 

Scope

 

FortiGate.

Solution

 

Multiple ports can be configured as individual services if required.
Use the new CLI command 'config firewall internet-service-addition' in global to tune the ISDB for the environment.


To add custom port ranges in global (protocol 6 is TCP, protocol 17 is UDP):

config firewall internet-service-addition
    edit 65646
        set comment "Add custom port-range:tcp/8080-8090 into 65646"
        config entry
            edit 1
                set protocol 6
                config port-range
                    edit 1
                        set start-port 8080
                        set end-port 8090
                    next
                end
            next
            edit 2
                set protocol 17
                config port-range
                    edit 1
                        set start-port 9080
                        set end-port 9090
                    next
                end
            next
        end
    next
end

 

To apply the change, run 'execute internet-service refresh':

 

FGT-201E (65646) # end

 

Warning: Configuration will only be applied after rebooting or using the 'execute internet-service refresh' command.

 

FGT-201E (global) # execute internet-service refresh

 

The Internet Service database is refreshed. To verify that the change was applied:

 

FGT-201E (global) # diagnose internet-service info FG-traffic 6 8080 2.20.183.160

Internet Service: 65646(Google.Gmail)
FGT-201E (global) #
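
Because each addition widens what an ISDB entry matches, it is worth reviewing which ports have been added on a device. The following is an added example, not part of the original article or Fortinet code: it parses the text of an internet-service-addition block, as saved in a configuration backup, and lists the protocol and port range added under each ISDB ID. The function name and sample text are constructed for illustration, and the parser assumes a well-formed block with explicit next/end lines.

```python
ROOT = ["config", "firewall", "internet-service-addition"]
# Constructed sample: the article's addition as it would appear in a configuration backup.
SAMPLE = """\
config firewall internet-service-addition
    edit 65646
        set comment "Add custom port-range:tcp/8080-8090 into 65646"
        config entry
            edit 1
                set protocol 6
                config port-range
                    edit 1
                        set start-port 8080
                        set end-port 8090
                    next
                end
            next
            edit 2
                set protocol 17
                config port-range
                    edit 1
                        set start-port 9080
                        set end-port 9090
                    next
                end
            next
        end
    next
end
"""

def isdb_additions(config_text):
    """Return {isdb_id: [(protocol, start_port, end_port), ...]}; -1 marks an unset field."""
    found, path, cur = {}, [], {}
    for raw in config_text.splitlines():
        tok = raw.split() or [""]
        if tok[0] in ("config", "edit"):
            path.append(tok)
            if tok[0] == "edit" and len(path) == 4:
                cur = {}  # new 'entry' row: forget the previous entry's protocol
        elif tok[0] == "set" and len(tok) >= 3 and path and path[0] == ROOT:
            cur[tok[1]] = tok[2]
        elif tok[0] in ("next", "end") and path:
            closed = path.pop()
            # A port-range row closed: ROOT > edit <id> > config entry > edit n > config port-range
            if closed[0] == "edit" and len(path) == 5 and path[0] == ROOT and path[4][1] == "port-range":
                row = tuple(int(cur.get(k, -1)) for k in ("protocol", "start-port", "end-port"))
                found.setdefault(int(path[1][1]), []).append(row)
    return found

print(isdb_additions(SAMPLE))
```

Comparing this output across backups shows when an ISDB entry's added ports change.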

 

Related article:

Technical Tip: Configuring a 'Custom Service' in FortiOS