How to block 1723 port incoming request?
Hi,
To block a specific port on a FortiGate device, follow these instructions:
I hope I answered your question.
Best regards.
If it's traffic to FGT's interfaces, you need to do it in local-in policy. For 7.4 or before, you need to use CLI.
https://docs.fortinet.com/document/fortigate/7.4.5/administration-guide/363127
For 7.6, you can use GUI in addition to CLI method.
https://docs.fortinet.com/document/fortigate/7.6.0/new-features/308650/gui-support-for-local-in-poli...
Toshi
You can configure the following:
config firewall service custom
    edit "Port-1723"
        set tcp-portrange 1723
        set udp-portrange 1723
    next
end
config firewall local-in-policy
    edit 1
        set intf "port1" <- Your public interface or any
        set srcaddr "all"
        set dstaddr "all"
        set service "Port-1723"
        set schedule "always"
    next
end
Then you can confirm if the traffic on that port is being blocked using:
diagnose sniffer packet any 'port 1723' 4
Hope this helps
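One way to read the sniffer output from the verification step above, as an added example that is not part of the original reply or Fortinet's own tooling. The sample lines are constructed, and the parser assumes the usual verbosity-4 layout (timestamp, interface, in/out, src.port -> dst.port: flags); the function name `classify` is hypothetical.

```python
import re

# Constructed sample of `diagnose sniffer packet any 'port 1723' 4` output.
# Addresses are documentation ranges, not captured from a real device.
SAMPLE = """\
interfaces=[any]
filters=[port 1723]
2.104332 port1 in 203.0.113.10.51514 -> 198.51.100.1.1723: syn 3054127702
3.105101 port1 in 203.0.113.10.51514 -> 198.51.100.1.1723: syn 3054127702
5.107950 port1 in 203.0.113.10.51514 -> 198.51.100.1.1723: syn 3054127702
9.412008 port2 in 192.0.2.77.40022 -> 198.51.100.1.1723: syn 1180442913
9.412377 port2 out 198.51.100.1.1723 -> 192.0.2.77.40022: syn 2290071556 ack 1180442914
"""

# Assumed line layout: <time> <intf> <in|out> <src>.<sport> -> <dst>.<dport>: <flags>
LINE = re.compile(
    r"^\S+\s+(?P<intf>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<flags>.*)$"
)

def classify(text, port=1723):
    """Map each client (ip, port) that sent a SYN to `port` to
    'dropped' (no reply ever left the unit) or 'replied'."""
    state = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header or blank line
        flags = m["flags"].split()
        if (m["dir"] == "in" and int(m["dport"]) == port
                and flags[:1] == ["syn"] and "ack" not in flags):
            # Inbound SYN, including retransmissions of the same attempt.
            state.setdefault((m["src"], int(m["sport"])), "dropped")
        elif m["dir"] == "out" and int(m["sport"]) == port:
            # Any packet sent back from the port means the SYN was not dropped.
            key = (m["dst"], int(m["dport"]))
            if key in state:
                state[key] = "replied"
    return state

if __name__ == "__main__":
    for (ip, sport), verdict in classify(SAMPLE).items():
        print(f"{ip}:{sport} -> {verdict}")
```

A client that stays "dropped" while its SYNs keep retransmitting is what a working deny looks like; a "replied" entry points at an interface the local-in policy does not cover.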
Hello @Ganbayar ,
Thank you for contacting the Fortinet Forum portal.
After verifying the steps suggested by @FortiArt and @AEH, make sure to enable the "set match-vip enable" firewall policy if you have any Virtual IP configured. Refer to the article below:
Best regards,
Manasa.
If you feel the above steps helped resolve the issue, mark the reply as solved so that other customers can get it easily while searching for similar scenarios.
Copyright 2025 Fortinet, Inc. All Rights Reserved.