Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FortiGate authentication 8008 and 8010 port firewalled


I'm trying to allow authenticated users to grant access to website blocked by FortiGuard web filter.

The problem is , that the authentication page/form doesn't show up. After quick google search I see that FortiGates use 8008 and 8010 ports to authenticate users, but in my case this ports a firewalled by forti. Maybe that's a reason why authentication popup doesn't show up ?

I checked config webfilter fortiguard   and 'close-ports'  directive is set to disable:

FGT60FT (fortiguard) # get
cache-mode : ttl
cache-prefix-match : enable
cache-mem-percent : 1
ovrd-auth-port-http : 8008
ovrd-auth-port-https: 8010
ovrd-auth-port-https-flow: 8015
ovrd-auth-port-warning: 8020
ovrd-auth-https : enable
warn-auth-https : enable
close-ports : disable
request-packet-size-limit: 0


when I try to telnet from LAN-side to the FortiGate_LAN_IP on 8008 or 8010 ports -   it's firewalled (it's neither opened nor refused)

what could be the reason of such behavior?




Hello MarkusPL,


Thanks for posting on the Fortinet Community Forum!


Did you update FortiGate to the final version (7.0.x)? If not, sometimes it can fix a bug by itself!


Kindest regards,

Jean-Philippe - Fortinet Community Team

Hi Markus,


what do you mean by firewalled?

I understand that firewalled is simply "behind the firewall".

The respective ports here are ON the firewall, so not firewalled in that sense.


With that KB you might have seen already:

I would wonder what exactly is "not showing up". Is this an IP connection, do you see the fqdn of the FortiGate on this browser, is there an error message and which error message would it be? The browser messages will help identifying where to even look here, check the link your browser is trying to reach and, according to the link and its examples, after which action does the problem appear? After clicking the "override" button?


Best regards,


also Markus




You may consider to sniff traffic (diagnose sniffer packet any 'port <>' 4 0 a) on FortiGate in order to check whether traffic is reaching FortiGate and FortiGate is replying.