Fortinet Forum
SS1982
New Contributor II

CLI show commands

Hello All,

Is there a CLI command that shows all the allowed ports in a policy for a specific VLAN, please?

For example, I would like to know whether ports like 80, 443, 554, 5000, etc. are open.

Thank you. 

akileshc
Staff

Hi,

Basically, on the Firewall, all ports are closed by default; afterward, when needed, the relevant services are allowed on appropriate IPv4 policies.

Example:

config firewall policy
    edit 1
        set name "LAN-WAN"
        set srcintf "lan"
        set dstintf "wan1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "HTTPS" <-- Service
        set nat enable
    next
end

config firewall service custom
    edit "HTTPS"
        set category "Web Access"
        set tcp-portrange 443 <-- Ports allowed in the service
    next
end

Commands to verify the service:

# sh firewall service custom "HTTPS"

I hope this is useful.
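To answer the original question from a config dump rather than by reading policies one by one, the following added example (not from this thread or from Fortinet) parses text in the `show firewall policy` / `show firewall service custom` layout above, keeps only accept policies whose srcintf or dstintf is the requested VLAN interface, and resolves each referenced custom service to its port ranges. The sample config, interface names and ports are constructed assumptions; predefined services (which `show` does not list) resolve to an empty set.

```python
import shlex
# Constructed sample in the layout of FortiOS `show` output, not output from this thread; names are illustrative.
SAMPLE_CONFIG = """config firewall service custom
    edit "HTTPS"
        set tcp-portrange 443
    next
    edit "CAMERA"
        set tcp-portrange 554 5000-5001
    next
end
config firewall policy
    edit 1
        set srcintf "vlan10"
        set dstintf "wan1"
        set action accept
        set service "HTTPS" "CAMERA"
    next
    edit 2
        set srcintf "vlan20"
        set action deny
        set service "HTTPS"
    next
end"""
def parse_sections(text):
    # Map 'config ...' section -> edit name -> set key -> list of values.
    sections, section, entry = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = sections.setdefault(line[7:], {})
        elif line.startswith("edit "):
            entry = section.setdefault(line[5:].strip('"'), {})
        elif line.startswith("set "):
            key, _, rest = line[4:].partition(" ")
            entry[key] = shlex.split(rest)  # shlex drops the quotes around values
    return sections
def allowed_ports(config_text, interface):
    # Ports opened by accept policies that reference `interface`, keyed by service name.
    cfg = parse_sections(config_text)
    services = cfg.get("firewall service custom", {})
    result = {}
    for pol in cfg.get("firewall policy", {}).values():
        touches = interface in pol.get("srcintf", []) + pol.get("dstintf", [])
        if not touches or pol.get("action", ["deny"])[0] != "accept":
            continue  # only accept policies on this interface open anything
        for svc in pol.get("service", []):
            ports = result.setdefault(svc, set())  # stays empty for predefined services not shown by `show`
            for proto in ("tcp", "udp"):
                for rng in services.get(svc, {}).get(f"{proto}-portrange", []):
                    ports.add(f"{proto}/{rng.split(':')[0]}")  # entry is "dst" or "dst:src"; keep dst
    return result
```

Feed it the output of `show firewall policy` followed by `show firewall service custom` to get the per-interface service/port map for a real unit.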

Toshi_Esumi
Esteemed Contributor II

This might work as a tool for your purpose: "diag firewall iprope lookup".
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Trace-which-firewall-policy-will-match-bas...

SS1982
New Contributor II

Thank you for the info, very useful.