Having all these ports open by default (especially for disabled or unused features) is another big strike in my mind.

Fortinet for ages has maintained a list of services that are used BY all Fortinet products. You and every engineer (Fortinet) should be aware of these and review them on a regular basis. As engineers, we should do port scans against our hardware before and after implementation to find anything that might be exposed. Fortinet does a good job with passing on knowledge and never hides anything, once again IMHO and based on experience dealing with them for 9+ years. I would take a FortiGate over most other vendors' products in a heartbeat. Even where they fail or are weak, they are still far in advance of the pack in a lot of other areas.

BTW, here's the list of common ports and services directionality: http://kb.fortinet.com/kb/viewContent.do?externalId=10773

You can also use a combination of these CLI commands:

diag sys tcpsock

fnsysctl cat /proc/net/tcp <----- you will have to do some hex conversion
PCNSE
NSE
StrongSwan
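The hex conversion mentioned in the post above, as an added example that is not part of the original post or Fortinet's own tooling: a small Python parser for text in the Linux `/proc/net/tcp` layout that decodes addresses and ports and lists the listening sockets. The sample lines are constructed, the function names are hypothetical, and the address decoding assumes a little-endian CPU.

```python
import socket
import struct

# Constructed sample in the Linux /proc/net/tcp layout (not captured from a device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A01A8C0:0016 6401A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1003
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port).

    The IPv4 address is printed as one 32-bit hex word in host byte order,
    so on a little-endian CPU (assumption) the octets appear reversed.
    The port is plain big-endian hex.
    """
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(proc_net_tcp_text):
    """Return [(ip, port), ...] for every socket in LISTEN state."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue  # blank or truncated line
        local, state = cols[1], cols[3]
        if state == TCP_LISTEN:
            found.append(decode_addr(local))
    return found


if __name__ == "__main__":
    for ip, port in listeners(SAMPLE):
        exposure = "all interfaces" if ip == "0.0.0.0" else ip
        print(f"tcp/{port} listening on {exposure}")
```

Comparing the decoded list against the vendor's published port list and an external port scan shows which listeners are expected and which are reachable from outside.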
http://speedy.sh/e5mHY/Ports-Used-by-Fortinet.pdf