Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

How to allow port 1443

I had added a custom Service under FIREWALL for TCP 1443 for destination and source. I also added a new address and created a policy based on it. However, users are still unable to log into the website. Any idea? I am using 200A
ede_pfau
SuperUser

Hi, do you use a VIP to lead the traffic from WAN to internal port?
It would help a lot if you could post
- your FortiOS version
- the policy
- the config of your custom service
One more, you are sure that you still use the default ports for administration of the Fortigate (http=80, https=443)?
Ede Kernel panic: Aiee, killing interrupt handler!
Not applicable

ORIGINAL: ede_pfau Hi, do you use a VIP to lead the traffic from WAN to internal port? It would help a lot if you could post - your FortiOS version - the policy - the config of your custom service One more, you are sure that you still use the default ports for administration of the Fortigate (http=80, https=443)?
I am quite a novice to this device. How to check if it is VIP to lead the traffic?
- Firmware version: v4.0,build0178,090820 (MR1)
Citylight
New Contributor

You definitely must follow Maik's advice and change the source ports. Otherwise it will work only in one case: the source is really 1443 and that's a one-hit wonder.
Citylight
Fullmoon
Contributor III

ORIGINAL: cookiegal
ORIGINAL: ede_pfau Hi, do you use a VIP to lead the traffic from WAN to internal port? It would help a lot if you could post - your FortiOS version - the policy - the config of your custom service One more, you are sure that you still use the default ports for administration of the Fortigate (http=80, https=443)?
I am quite a novice to this device. How to check if it is VIP to lead the traffic?
- Firmware version: v4.0,build0178,090820 (MR1)

Name: Port 1443
Protocol Type: TCP/UDP
Protocol: TCP
Source Port: Low: 1024 High: 65535
Destination Port: Low: 1443 High: 1443

Fortigate Newbie
Maik
New Contributor II

custom Service under FIREWALL for TCP 1443 for destination and source
Change the source to 1024 - 65535
regards
Maik
Not applicable

Hi Maik, isn't this opening up to more unnecessary ports?
Maik
New Contributor II

Hi Maik, isn't this opening up to more unnecessary ports?
No. To get a feeling for what's going on, enter the "netstat.exe" command in a command shell of your Windows client and study its output.
rwpatterson
Valued Contributor III

Just an FYI: Any time you see 'port' in this firewall it's destination port unless otherwise specified.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
ede_pfau
SuperUser

In case you wonder why everyone tells you to change the source ports and nobody tells you why:
- TCP/UDP services use specific DESTINATION ports. You identify your HTTP custom service by the destination port 1443. Clients connecting to your server use random SOURCE ports so you have to allow a port range. But you only have to allow from port 1024 upwards as ports below are reserved for services. The highest possible port number is 65535 (=64K - 1).

So that will fix your custom service definition. Again, if I could see your policy we could proceed from here.
Ede Kernel panic: Aiee, killing interrupt handler!
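
Added example, not part of any post in this thread and not Fortinet code: a small Python model of the custom-service match, fed with the source ports the operating system really assigns to client connections. The `Service` class and the helper names are hypothetical; the listener is a loopback stand-in on an OS-chosen port, and the match is evaluated against destination port 1443 as in the thread.

```python
"""Model of the custom-service match discussed in the thread (added example)."""
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    # Field names mirror the GUI fields quoted in the thread; the class is hypothetical.
    name: str
    src_low: int
    src_high: int
    dst_low: int
    dst_high: int

    def matches(self, src_port: int, dst_port: int) -> bool:
        """A flow matches only if BOTH its source and destination port are in range."""
        return (self.src_low <= src_port <= self.src_high
                and self.dst_low <= dst_port <= self.dst_high)


# Source AND destination pinned to 1443, as described in the opening post.
AS_POSTED = Service("Port 1443 (src=dst=1443)", 1443, 1443, 1443, 1443)
# Values quoted later in the thread: source 1024-65535, destination 1443.
CORRECTED = Service("Port 1443", 1024, 65535, 1443, 1443)


def observe_source_ports(count: int = 5) -> list:
    """Connect `count` clients to a loopback listener and return the source
    ports the OS picked for them (what netstat lists as the local port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # constructed stand-in for the web server
    listener.listen(count)
    clients = []
    try:
        for _ in range(count):
            clients.append(socket.create_connection(listener.getsockname()))
        return [c.getsockname()[1] for c in clients]
    finally:
        for c in clients:
            c.close()
        listener.close()


def allowed(service: Service, src_ports, dst_port: int = 1443) -> int:
    """Count how many flows to dst_port the service definition would match."""
    return sum(service.matches(p, dst_port) for p in src_ports)


if __name__ == "__main__":
    ports = observe_source_ports()
    for svc in (AS_POSTED, CORRECTED):
        print(f"{svc.name}: {allowed(svc, ports)}/{len(ports)} match, src ports {ports}")
```

The corrected definition still matches only destination port 1443; widening the source range changes which clients can reach that one port, not which server ports are reachable.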