Good morning,
We have a FortiGate 50G installed at home. The device has been set up by the company who sold it to us. The FortiGate is used over 2 routers from 2 different providers. We have asked the company to close all the ports as the use of internet here is domestic. When using nmap in order to check possible open ports, the results are:
113/tcp closed ident
2000/tcp open cisco-sccp
5060/tcp open sip
I have used the WAN IP of the Forti as target. Maybe I am doing it wrongly... Here is the Firewall Policy:
The company told us that the ports are closed but here at home we are a little bit worried. Please, could you confirm that the policies are correct in order to close all the ports? If positive, how is it possible that nmap shows open ports (I have done the process 4 or 5 times)?
We are not professionals here and our goal is only to be completely protected.
Thank you very much.
Hi FortiSpain
Here I see you don't have any policy allowing anything from WAN to LAN. There is only from LAN to LAN, and from VPN tunnel to LAN and WAN.
You can check if those open ports are actually for local-in traffic, I mean addressed to the firewall itself.
You can check it as follows:
If nothing found, then probably the front-end routers are the main suspects.
Hi AEK,
Thank you very much for your answer.
Regarding the Wan interfaces:
In local in Policy, you can see this:
The last nmap scan (first 10000 ports) shows this: all the ports (TCP) are open. We are worried...
Thanks for your help.
I don't see any port similar to the 3 mentioned in your first post.
Then it is probably from the ISP router.
Thank you very much for your help. How can I close almost all the ports on the routers? Because I know I have never opened any port as the function options are quite limited when editing the router. Do you think that having open ports means a risk when our domestic net is only connected by ethernet (No wifi)?
Thanks again.
How to close ports depends on the brand and model of the router.
An open port (listening service) is an additional risk. One of the main security rules is to close all ports that are not required. The same applies to Ethernet and WiFi.
Created on 01-20-2026 04:07 PM Edited on 01-20-2026 04:08 PM
Thanks again for your time.
Using nmap -sV -sC --top-ports 1000 -T5 --min-rate 1000 -Pn -n, the results are:
PORT STATE SERVICE VERSION
113/tcp closed ident
2000/tcp open cisco-sccp?
5060/tcp open sip?
... Like my first post.
I am a little bit confused. According to ChatGPT (yes: I am using it...), everything is normal and secure.
I occasionally use a phone plugged into the router.
What is your opinion?
Thank you