FortiGate
amahdi
Staff
Article Id 307391
Description This article describes a situation where a routine external network scan, run after upgrading the firewall to v7.0.14, shows TCP port 8015 as open although it was not open before the upgrade.
Scope FortiGate.
Solution Port 8015 is the default value of 'ovrd-auth-port-https-flow': the port on which FortiGate serves the FortiGuard web filter override authentication page when an HTTPS override request is handled by a policy in flow inspection mode.
Starting from v7.0.14, the IPS engine listens on port 8015 whenever the block page is enabled in at least one active UTM profile and the embedded image is disabled, or a web filter override is configured. The open port is therefore a consequence of the listener introduced in this release rather than a misconfiguration; the options below either move it to another port or stop the scanner from completing a TLS handshake against it.

To resolve this issue, the user can do either of the following:

  1. Change 'ovrd-auth-port-https-flow' to a different port so that FortiGate no longer responds on port 8015 (the listener moves to the new port, so the scanner will report that port instead):

config webfilter fortiguard
    set ovrd-auth-port-http 8008
    set ovrd-auth-port-https 8010
    set ovrd-auth-port-https-flow 8015  <----- Change to a different, unused port.
    set ovrd-auth-port-warning 8020
end

  2. Disable the SSL/SSH Certificate Inspection profile on the corresponding policy. The scanner will then no longer be presented with the FortiGate certificate, and port 8015 will not show as open. Note that this removes certificate inspection from that policy, so weigh it against the first option.
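The first option carried through end to end on the FortiGate CLI, as an added example that is not part of the original article. The replacement port 8016 is an assumption chosen for illustration; any unused TCP port works, and a different one should be picked if 8016 is already in use on the unit.

```fortios
# Added example, not from the original article. Assumes TCP 8016 is unused on this FortiGate.

# 1. Confirm the listener on 8015 before the change (the article attributes it to the IPS engine).
diagnose sys tcpsock | grep 8015

# 2. Move the flow-mode HTTPS override authentication listener off 8015.
config webfilter fortiguard
    set ovrd-auth-port-https-flow 8016
end

# 3. Verify the new value is in the running configuration.
show webfilter fortiguard

# 4. Verify the listener has moved: the first grep should return nothing, the second should show 8016.
diagnose sys tcpsock | grep 8015
diagnose sys tcpsock | grep 8016
```

After this, re-run the external scan from the scanning host against the FortiGate's public address (for example with nmap, probing both 8015 and 8016) to confirm that 8015 is no longer reported as open and that the new port is the one now visible. If the scan must not see any override authentication port at all, the second option (removing certificate inspection from the policy) is the one to use instead.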