8009

Just create a local firewall policy and custom service with a deny action:

    config firewall service custom
        edit "port_8009_tcp"
            set protocol TCP/UDP/SCTP
            set tcp-portrange 8009
        next
    end
    config firewall local-in-policy
        edit 0
            set intf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set service "port_8009_tcp"
            set schedule "always"
        next
    end
PCNSE
NSE
StrongSwan
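Added example (not part of the original posts and not Fortinet code): a small Python check that reads a FortiOS configuration backup and reports which local-in policy, if any, is the first to match a TCP port on an interface. It assumes custom services only (service groups and address objects are not resolved) and that a policy without a `set action` line is a deny; `parse_tables`, `local_in_verdict` and `SAMPLE` are hypothetical names, and the sample is constructed from the policy above.

```python
import shlex
# Constructed sample: the thread's policy as it might appear in a config backup.
SAMPLE = '''config firewall service custom
    edit "port_8009_tcp"
        set protocol TCP/UDP/SCTP
        set tcp-portrange 8009
    next
end
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "port_8009_tcp"
        set schedule "always"
    next
end
'''

def parse_tables(text):
    """Return {config path: {entry id: {setting: [values]}}} for top-level tables."""
    tables, path, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = shlex.split(line, comments=True) or [""]
        if tok[0] == "config":
            depth += 1
            path = " ".join(tok[1:]) if depth == 1 else path
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = tables.setdefault(path, {}).setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
        elif depth == 1 and tok[0] == "next":
            entry = None
    return tables

def local_in_verdict(text, intf, port):
    """(policy id, action) of the first enabled local-in policy matching, else None."""
    t = parse_tables(text)
    svcs = t.get("firewall service custom", {})
    for pid, pol in t.get("firewall local-in-policy", {}).items():
        if pol.get("status") == ["disable"] or not {intf, "any"} & set(pol.get("intf", [])):
            continue
        for name in pol.get("service", []):
            # Range entries look like "8009" or "8000-8100:1024-65535" (dst:src); keep dst.
            for lo, _, hi in (r.split(":")[0].partition("-") for r in svcs.get(name, {}).get("tcp-portrange", [])):
                if int(lo) <= port <= int(hi or lo):
                    return pid, pol.get("action", ["deny"])[0]  # absent action assumed deny
    return None
```

A `None` result means no local-in policy in the backup covers that port on that interface, which is the case to investigate when a scan still shows the port open.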
"I wish they let me modify the local in policies"

What do you mean, "wish they let you modify"? You can. See the 2nd post (by me): you have the ability to filter anything that's local, no different than a Juniper SRX, if you think about it. The allowaccess and local-in-policy are the exact same thing on Juniper SRX (system services), but 100x more effective and easier imho (okay, not 100x better but 10 times better). If you would execute the sample policy provided, you will see that 8009 would be closed on a follow-up scan.
"I should not need to create a deny rule as the default deny all rule should cover it since there is no higher priority/ordered policy specifically allowing it."

fwiw, regular fwpolicies (ipv4 or ipv6) have nothing to do with this.