Fortinet Forum
mikeymouse
New Contributor

Port 8013 causing PCI compliance failure

Hi, relatively new to the world of PCI compliance as well as certificates and need some advice. A PCI scan continues to fail with the certificate connected with port 8013 being the issue. I cannot for the life of me find the service that runs on that port to either shut it off or correct the certificate issue. Any help is greatly appreciated.

1 Solution
andrewbailey
Contributor II

Hi mikeymouse,

The ports used by FortiOS can be found in the documentation site here:-

https://docs.fortinet.com/document/fortigate/7.0.0/fortios-ports/637075/incoming-ports

It lists port 8013 as being used by FortiClient for "Compliance and Security Fabric".

If you aren't using FortiClient (and don't plan to) then you should be able to turn this off via a change to the "local in" policy.

Again, there is some guidance on the documentation site here:-

https://docs.fortinet.com/document/fortigate/7.0.3/administration-guide/363127/local-in-policies

I hope that's enough to help you resolve your issues!

Kind Regards,

Andy.
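A local-in policy of the kind described in the answer above, as an added example that is not part of the original post or of Fortinet's documentation: FortiOS CLI that denies inbound TCP 8013 addressed to the FortiGate itself on one interface. The interface name `wan1`, the service name `FCT-8013` and the policy ID `1` are assumptions; the lines starting with `#` are annotations.

```fortios
# Custom service object for the port the scan flagged (name is an assumption)
config firewall service custom
    edit "FCT-8013"
        set tcp-portrange 8013
    next
end

# Local-in policies filter traffic destined for the FortiGate itself,
# not traffic passing through it. Interface and policy ID are assumptions;
# use the interface the PCI scanner reaches and an unused ID.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "FCT-8013"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

Re-running the PCI scan against the same address confirms whether the listener on 8013 is still reachable from the scanner's side.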


Debbie_FTNT
Staff

To elaborate on Andrew's response, if you don't use FortiClient or FortiAP, you can (depending on your FortiGate firmware version) disable either FortiTelemetry or Security Fabric (which is FortiTelemetry and CAPWAP bundled) on the interface(s). If you do use FortiAPs for wireless stuff, and only have the Security Fabric option, you can't disable it. In that case a local-in policy as Andrew advised is your best option.

Cheers!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
mikeymouse
New Contributor

Thanks, the local in policy solved my issue then. I appreciate the responses!