FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 336084
Description

This article describes how to restrict traffic using a firewall policy when there is a need to allow traffic from only a specific source port or source port range for a specific service.

Scope

FortiGate.
Solution

As an example, this article restricts RDP communication to the source port range 1000 to 20000.

  • The source port or source port range is restricted either within an existing service or by creating a new custom service. It is recommended to create a new custom service rather than changing the source port information of the default services.
  • In this example, an 'RDP-restricted' custom service has been created via Policy & Objects -> Services -> Create New:


pic7.PNG


  • Select the Protocol Type and specify the destination port as required. Here the TCP protocol and destination port 3389 have been specified for RDP. For a single port, enter the same port number in both the Low and High boxes. For a range of ports, enter the lower and upper numbers of the range accordingly.

pic1.PNG


  • After that, enable the 'Specify Source Ports' switch and specify the lower and upper bounds of the source port range.

pic2.PNG


pic3.PNG


  • Once it is configured, hover over the newly created service 'RDP-restricted' and confirm that the source port range now shows 1000-20000.


pic6.png
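The following Python script is an added example, not part of this article or Fortinet's code. It models how a custom service with a restricted source port range matches TCP connections, so the effect of the GUI steps above can be checked offline. The embedded `config firewall service custom` block is a constructed sample that is assumed to be the CLI equivalent of the 'RDP-restricted' service; the assumed FortiOS syntax for a TCP range is `<dst-low>[-<dst-high>]:<src-low>[-<src-high>]`, which should be confirmed against the output of `show firewall service custom` on the unit itself. The service names, port values and helper functions are all assumptions made for the example.

```python
"""Model of FortiGate custom-service matching with a source port restriction.

Added example, not Fortinet code. The CLI block below is an assumed equivalent
of the article's GUI steps (TCP, destination 3389, source ports 1000-20000).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: assumed CLI form of the article's 'RDP-restricted' service
# next to the unrestricted default-style 'RDP' service for comparison.
SAMPLE_CONFIG = """
config firewall service custom
    edit "RDP-restricted"
        set tcp-portrange 3389:1000-20000
    next
    edit "RDP"
        set tcp-portrange 3389
    next
end
"""


@dataclass(frozen=True)
class PortRange:
    dst_low: int
    dst_high: int
    src_low: int
    src_high: int

    def matches(self, dst_port: int, src_port: int) -> bool:
        """A connection matches only if both destination and source port fall inside the range."""
        return (self.dst_low <= dst_port <= self.dst_high
                and self.src_low <= src_port <= self.src_high)


def _parse_bounds(text: str) -> tuple[int, int]:
    """'3389' -> (3389, 3389); '1000-20000' -> (1000, 20000)."""
    low, _, high = text.partition("-")
    return int(low), int(high or low)


def parse_portrange(spec: str) -> PortRange:
    """Parse one 'dst[-dst][:src[-src]]' token; no source part means any source port."""
    dst_part, _, src_part = spec.partition(":")
    dst_low, dst_high = _parse_bounds(dst_part)
    src_low, src_high = _parse_bounds(src_part) if src_part else (1, 65535)
    for port in (dst_low, dst_high, src_low, src_high):
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {spec!r}")
    if dst_low > dst_high or src_low > src_high:
        raise ValueError(f"low bound above high bound in {spec!r}")
    return PortRange(dst_low, dst_high, src_low, src_high)


def parse_services(config: str) -> dict[str, list[PortRange]]:
    """Collect the TCP port ranges of each service in a 'config firewall service custom' block."""
    services: dict[str, list[PortRange]] = {}
    current: str | None = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r'edit "([^"]+)"', line)
        if m:
            current = m.group(1)
            services[current] = []
            continue
        m = re.fullmatch(r"set tcp-portrange (.+)", line)
        if m and current is not None:
            # Several space-separated ranges may appear on one line.
            services[current].extend(parse_portrange(tok) for tok in m.group(1).split())
    return services


def service_matches(services: dict[str, list[PortRange]], name: str,
                    dst_port: int, src_port: int) -> bool:
    """True if a TCP connection to dst_port from src_port is covered by the named service."""
    return any(r.matches(dst_port, src_port) for r in services[name])


if __name__ == "__main__":
    svcs = parse_services(SAMPLE_CONFIG)
    for name, src in (("RDP-restricted", 1500), ("RDP-restricted", 50000), ("RDP", 50000)):
        print(f"{name}: dst 3389 from src {src} -> {service_matches(svcs, name, 3389, src)}")
```

The matcher shows the operational consequence of the change: a client whose operating system picks an ephemeral source port above 20000 (the common default on modern Windows and Linux hosts) will no longer match 'RDP-restricted', so a policy built on this service silently drops that session. Check the client's ephemeral port range before rolling the restriction out, and remember that a source port is chosen by the sender, so this service narrows which clients happen to match rather than verifying who they are.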

