FortiGate
sagha
Staff
Article Id 194519
Description
This article explains why an Nmap scan against a FortiGate interface reports ports as filtered rather than closed.

Solution
When an Nmap scan is run against a FortiGate interface, ports on which the corresponding service is not enabled are reported as filtered rather than closed.

Example:
# config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.175.230 255.255.255.0
        set allowaccess https http            <----- No SSH access allowed on this port.
        set type physical
        set device-identification enable
        set role lan
        set snmp-index 10
    next
end

An Nmap scan of the interface (192.168.175.230, run from host 192.168.175.202) shows the following:
# nmap -sV 192.168.175.230
PORT     STATE     SERVICE
22/tcp   filtered  ssh
80/tcp   open      http
443/tcp  open      https
Although SSH is not enabled on the interface, port 22 is reported as filtered rather than closed.

In Nmap's port-state model, a filtered port is one whose probe was simply dropped with no response at all (not even a RST); a closed port, by contrast, answers the SYN probe with a RST.

Nmap scan types and port states are explained here: https://nmap.org/book/man-port-scanning-techniques.html

With the packet sniffer on the FortiGate it is possible to see that the SYN packets do reach the interface, but because SSH is not in the interface's allowaccess list the FortiGate silently drops them and sends no response (neither SYN/ACK nor RST). The scanner retransmits the SYN several times and, receiving nothing, Nmap reports the port as filtered:
FGT # diag sniff packet any 'host 192.168.175.202 and port 22' 4
interfaces=[any]
filters=[host 192.168.175.202 and port 22]
7.886505 port1 in 192.168.175.202.56080 -> 192.168.175.230.22: syn 332225684
8.886468 port1 in 192.168.175.202.56080 -> 192.168.175.230.22: syn 332225684
10.890375 port1 in 192.168.175.202.56080 -> 192.168.175.230.22: syn 332225684
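The following Python script is an added example and is not part of the original article or of any Fortinet tool. It parses FortiGate "diag sniff packet" verbosity-4 output of the kind shown above and applies the Nmap port-state rules the article describes: a SYN answered with SYN/ACK is open, a SYN answered with RST is closed, and a SYN that is retransmitted and never answered is filtered. The sample capture is constructed; the format of the "out" direction lines (the FortiGate's replies) is assumed from the "in" lines the article shows.

```python
import re

# Constructed sample of FortiGate sniffer output (not from the article). Three probes
# from scanner 192.168.175.202 to the FortiGate interface 192.168.175.230:
#   port 22   - SYN retransmitted three times, never answered -> filtered (what the article shows)
#   port 443  - SYN answered with syn/ack                      -> open
#   port 8080 - SYN answered with rst (assumed reply format)   -> closed
SAMPLE_SNIFFER_OUTPUT = """\
interfaces=[any]
filters=[host 192.168.175.202]
7.886505 port1 in 192.168.175.202.56080 -> 192.168.175.230.22: syn 332225684
8.886468 port1 in 192.168.175.202.56080 -> 192.168.175.230.22: syn 332225684
10.890375 port1 in 192.168.175.202.56080 -> 192.168.175.230.22: syn 332225684
7.901200 port1 in 192.168.175.202.56081 -> 192.168.175.230.443: syn 332225700
7.901350 port1 out 192.168.175.230.443 -> 192.168.175.202.56081: syn 110022 ack 332225701
7.902000 port1 in 192.168.175.202.56082 -> 192.168.175.230.8080: syn 332225800
7.902100 port1 out 192.168.175.230.8080 -> 192.168.175.202.56082: rst 0 ack 332225801
"""

# One packet line: "<time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: <flags ...>"
SNIFFER_LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<intf>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<flags>.+)$"
)


def parse_sniffer(text):
    """Return one dict per packet line; header lines (interfaces=, filters=) are skipped."""
    packets = []
    for line in text.splitlines():
        m = SNIFFER_LINE.match(line.strip())
        if not m:
            continue
        p = m.groupdict()
        p["sport"] = int(p["sport"])
        p["dport"] = int(p["dport"])
        p["flags"] = p["flags"].split()  # e.g. ["syn", "110022", "ack", "332225701"]
        packets.append(p)
    return packets


def classify_probes(packets, target_ip):
    """Map each probed port on target_ip to (state, syn_count).

    Nmap's rules for a SYN scan: syn/ack reply -> open, rst reply -> closed,
    no reply at all (SYN just retransmitted) -> filtered.
    """
    # key: (client_ip, client_port, target_port) -> {"syns": n, "reply": None|"open"|"closed"}
    flows = {}
    for p in packets:
        flags = p["flags"]
        if p["dst"] == target_ip and flags[0] == "syn" and "ack" not in flags:
            key = (p["src"], p["sport"], p["dport"])
            flows.setdefault(key, {"syns": 0, "reply": None})["syns"] += 1
        elif p["src"] == target_ip:
            key = (p["dst"], p["dport"], p["sport"])
            if key not in flows:
                continue  # reply to a flow we did not see the SYN for
            if "rst" in flags:
                flows[key]["reply"] = "closed"
            elif "syn" in flags and "ack" in flags:
                flows[key]["reply"] = "open"
    result = {}
    for (_, _, port), f in flows.items():
        result[port] = (f["reply"] or "filtered", f["syns"])
    return result


if __name__ == "__main__":
    states = classify_probes(parse_sniffer(SAMPLE_SNIFFER_OUTPUT), "192.168.175.230")
    for port in sorted(states):
        state, syns = states[port]
        print(f"{port}/tcp  {state:<9} ({syns} SYN(s) seen, "
              f"{'no reply' if state == 'filtered' else 'reply seen'})")
```

The three unanswered SYNs to port 22 (the same sequence number retransmitted at about 1 s and 2 s intervals) are the signature of a silent drop: the FortiGate never sends SYN/ACK or RST, which is exactly why Nmap cannot label the port closed and falls back to filtered.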