Hello,
I'm doing some cleanup in a FortiGate environment that has not been kept very tidy. There are a lot of policy openings that I dislike, as they have been allowing all protocols far too often.
Now I want to crack down on these and limit some policies to only have access to the ports that are actually frequently used.
Now the proper way of doing this would be to contact various parties and get lists of ports required for the respective services and applications, but I wonder if there is some tool in FMG/FortiAnalyzer that might help me?
I imagine a tool to list ports accessed by a certain policy and how many hits they each have in a certain timespan.
Is that possible? Or is there a better/simpler solution?
Br
Johan
Hi Johan,
FortiGate does things differently than other vendors. Creating policies per port is a waste of resources, including time for managing them. The closest you can get to that is to use Application Control or the Internet Service Database. Application Control scans the traffic content (deep inspection strongly recommended), while Internet Service restricts access to specific IPs and ports.
Hope this helps.
Hi RSJohan,
If you have FortiAnalyzer, you can use FortiView to check the sessions, and from there you will be able to check what ports are used. Keep adding a Firewall Policy at the top and then monitor the original policy to see if there is still a hit, and then disable it.
I was looking for a way to get more of a summary than scrolling through the logs.
Guess I could download the logs and summarize them in Excel. Unfortunately, I'm missing the download button in my FortiAnalyzer, but that may be another thread ;)
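
The summary asked for in this thread (destination ports hit through one policy, with counts, within a time span) can be produced offline from exported traffic logs. This is an added example, not part of any post in the thread: it assumes logs exported in FortiGate's key=value text format with the `date`, `time`, `type`, `policyid`, `proto`, `dstport` and `service` fields, and the sample records and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in FortiGate key=value traffic-log style.
SAMPLE_LOG = """\
date=2024-05-01 time=10:00:01 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=192.0.2.10 dstport=443 proto=6 policyid=12 service="HTTPS"
date=2024-05-01 time=10:00:07 type="traffic" subtype="forward" srcip=10.0.0.6 dstip=192.0.2.10 dstport=443 proto=6 policyid=12 service="HTTPS"
date=2024-05-01 time=10:01:30 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=192.0.2.53 dstport=53 proto=17 policyid=12 service="DNS"
date=2024-05-01 time=10:02:00 type="traffic" subtype="forward" srcip=10.0.0.9 dstip=192.0.2.20 dstport=3389 proto=6 policyid=7 service="RDP"
date=2024-05-01 time=10:02:10 type="event" subtype="system" msg="constructed non-traffic record"
date=2024-05-02 time=09:15:00 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=192.0.2.53 dstport=53 proto=17 policyid=12 service="DNS"
date=2024-05-02 time=09:20:00 type="traffic" subtype="forward" srcip=10.0.0.7 dstip=192.0.2.10 dstport=443 proto=6 policyid=12 service="HTTPS"
date=2024-05-03 time=08:00:00 type="traffic" subtype="forward" srcip=10.0.0.8 dstip=192.0.2.30 dstport=22 proto=6 policyid=12 service="SSH"
"""

# key=value pairs; values are either "quoted, may contain spaces" or a bare token.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_line(line):
    """Turn one log line into a dict of field -> value with quotes stripped."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}


def port_hits(lines, policy_id, start="", end="9999"):
    """Count (protocol, dstport, service) hits for one policy.

    start/end are 'YYYY-MM-DD HH:MM:SS' strings (or prefixes), compared
    lexicographically. Records without a dstport are counted under port 0.
    """
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") != "traffic" or rec.get("policyid") != str(policy_id):
            continue
        stamp = f'{rec.get("date", "")} {rec.get("time", "")}'
        if not (start <= stamp <= end):
            continue
        proto = int(rec.get("proto", 0))
        key = (PROTO_NAMES.get(proto, str(proto)), int(rec.get("dstport", 0)), rec.get("service", ""))
        hits[key] += 1
    return hits.most_common()  # highest hit count first


if __name__ == "__main__":
    for (proto, port, service), count in port_hits(SAMPLE_LOG.splitlines(), 12):
        print(f"{count:6d}  {proto}/{port}  {service}")
```

Ports that show few or no hits over a representative window are the ones to confirm with the service owners before narrowing the policy.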