Support Forum
chinyu
New Contributor

How do I block a specific port on the Fortigate?

I thought this would be easy, but I am not finding a specific option for doing so. We recently had a system update from a vendor, and they are suggesting we block http port 5985 and https port 5986 at the firewall. I am logged into the Fortigate right now and thought I would just find where ports are already blocked and add these two to the list, but I don't see anything like that.

My thought is that everything is implicitly denied unless allowed, so this might already be blocked by default, but I want to confirm that to the vendor to complete the security on this setup.

Is there something I am missing while going through the menus? We're on version 7.0.7 - I am comfortable with the menus and interface and making changes, I'm just not sure where to go, and searching online for this option isn't yielding any good results.

3 REPLIES
Cajuntank
Contributor II

If you are talking about blocking ingress into your network, then yes, there is an implicit deny unless you have a specific policy allowing traffic in from these ports. If you are talking about blocking egress from your network, then you will need to create a service definition for that port range of 5985-5986 (you will also need to specify if it's TCP and/or UDP). Then you will create a policy with that new service defined, and your action will be set to DENY instead of ACCEPT. Then move the policy up in the list to where it is processed first, before other policies, accordingly.

abarushka
Staff

Hello,

In case VIPs are used, you may consider following the KB below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-does-not-block-incoming-WAN-to-LA...

Babitha_M

Hi,

To block a specific port on a FortiGate device, follow these instructions:

  1. Access the FortiGate web interface.
  2. Go to Policy & Objects > IPv4 Policy.
  3. Select Create New to set up a new firewall policy.
  4. Adjust the following settings:
    • Source Interface: Choose the interface where the traffic originates.
    • Destination Interface: Pick the interface where the traffic is intended to go.
    • Source Address: Enter the source IP address or range.
    • Destination Address: Specify the destination IP address or range.
    • Service: Select the particular service or port you want to restrict.
    • Action: Set the action to Deny to block the traffic.
  5. Save the new firewall policy.
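The same procedure that Cajuntank and Babitha_M describe above (service object, deny policy, move it to the top), written out as FortiOS CLI. This is an added example and not from any reply in the thread. The interface names `internal` and `wan1`, the service and policy names, and the policy IDs 99 (new deny policy) and 1 (the first existing accept policy) are assumptions to be replaced with your own; WinRM on 5985/5986 is TCP, so only `tcp-portrange` is set.

```text
# Added example (not from the original thread). Assumed names/IDs are marked.
# 1. Service object covering both WinRM ports (TCP only; add
#    "set udp-portrange ..." only if the vendor also requires UDP).
config firewall service custom
    edit "WinRM-5985-5986"            # assumed service name
        set tcp-portrange 5985-5986
    next
end

# 2. Explicit deny policy for that service. Policy ID 99 and the
#    interface names are assumptions.
config firewall policy
    edit 99
        set name "Deny-WinRM-egress"  # assumed policy name
        set srcintf "internal"         # assumed LAN interface
        set dstintf "wan1"             # assumed WAN interface
        set srcaddr "all"
        set dstaddr "all"
        set service "WinRM-5985-5986"
        set schedule "always"
        set action deny
        set logtraffic all             # log the denies so the block is auditable
    next
end

# 3. Move the deny above the first accept policy that could otherwise match
#    (ID 1 is an assumption; check "show firewall policy" for your real IDs).
config firewall policy
    move 99 before 1
end

# 4. Verify the order, then confirm which policy a test packet hits
#    (source 192.0.2.10:40000 to 198.51.100.20:5985 over TCP, entering
#    on "internal"; addresses are constructed for this example).
show firewall policy
diagnose firewall iprope lookup 192.0.2.10 40000 198.51.100.20 5985 6 internal
```

Policies are evaluated top-down and the first match wins, which is why the `move` step matters: a deny placed below a broad `accept` on the same interface pair never fires. For inbound WAN-to-LAN traffic with no VIP and no allowing policy, the implicit deny at the bottom of the list already drops 5985/5986, which is the point Cajuntank and the VIP KB link above are making; the explicit deny is only needed where some policy or VIP would otherwise allow the traffic.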
