Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jefazo92
Contributor

Created on ‎07-30-2024 07:35 AM

Does deleting an entry in Services disable a service in Fortigate?

Hi, 

 

There are a number of services I would like to disable such as ldap and tftp. I found them listed in Policy & Objects - > Services. If I were to delete the entries there for thses services, would it delete them or would it just delete the entries but keep the services active?

Labels:
931
0 Kudos
5 REPLIES 5
cravikumar
Staff
Staff

Created on ‎07-30-2024 08:10 AM

If you delete the services, you can't reference it under policy and objects but the services will still be active. Use local-in policy to block services.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-open-ports/ta-p/189671

P R Chaitanya
915
jefazo92
Contributor
In response to cravikumar

Created on ‎07-31-2024 03:07 AM Edited on ‎07-31-2024 03:09 AM

Thank you very much @cravikumar

868
jefazo92
Contributor

Created on ‎08-26-2024 05:10 AM Edited on ‎08-26-2024 05:48 AM

Hi @cravikumar, apologies but I should have asked you as well how I may check all the default services, protocols and ports which can be referenced and edited through local-in-policy. I want to block LLDP service and some time ago I found a post some time ago describing the command to find this but I think it might have been removed as I cannot find it any longer.

712
0 Kudos
SonaMuvv
Staff
Staff
In response to jefazo92

Created on ‎08-26-2024 01:00 PM

Hello,

 

If you want to know what services can be edited in the local-in-policy, you can run the below command with a question mark and that will show you a list of services that you can use in localin-policy

config firewall local-in-policy

edit x  ---> local-in-policy id

set service ?

 

Also, I am attaching a documentation to disable LLDP globally and also on interface level.

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/311052/lldp-reception

694
0 Kudos
sw2090
SuperUser
SuperUser

Created on ‎08-26-2024 11:18 PM

in fact those are just objects. Their pure existance does not enable or disable anything. Plus I gues there are factory default objects you probably cannot delete.

Actually Fortigates work the other way round: if you want a service to be enabled you have to create a policy for it (except from interface based ones but these can be enabled/disabed in the interface settings and do not need an object). Anything you did not explicitely enable will always be denied by policy #0 (implicite deny).

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
672
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.