FortiSpain
New Contributor II

PORTS

Good morning,

We have a FortiGate 50G installed at home. The device was set up by the company that sold it to us. The FortiGate is used through 2 routers from 2 different providers. We have asked the company to close all the ports, as the internet use here is domestic. When using nmap to check for possible open ports, the results are:

113/tcp  closed ident
2000/tcp open   cisco-sccp
5060/tcp open   sip

I have used the WAN IP of the Forti as target. Maybe I am doing it wrongly... Here is the Firewall Policy:

[Screenshots attached: Captura de pantalla 2026-01-14 a las 12.24.01.jpeg, Captura de pantalla 2026-01-14 a las 12.24.16.jpeg, Captura de pantalla 2026-01-14 a las 12.24.26.jpeg]

The company told us that the ports are closed, but here at home we are a little bit worried. Please, could you confirm that the policies are correct in order to close all the ports? If so, how is it possible that nmap shows open ports (I have done the process 4 or 5 times)?

We are not professionals here and our only goal is to be completely protected.

Thank you very much.


AEK
SuperUser

Hi FortiSpain

Here I see you don't have any policy allowing anything from WAN to LAN. There are only policies from LAN to LAN, and from the VPN tunnel to LAN and WAN.

You can check whether those open ports are actually local-in traffic, I mean traffic addressed to the firewall itself.

You can check it as follows:

  • Check whether the WAN interfaces have any published service (HTTPS, SSH, etc.)
  • Check whether the ports used for SSL VPN and/or IPsec VPN match the ports found by nmap

If nothing is found, then the front-end routers are probably the main suspects.

AEK
FortiSpain
New Contributor II

Hi AEK,

Thank you very much for your answer.

Regarding the WAN interfaces:

[Screenshots attached: Captura de pantalla 2026-01-18 a las 19.07.02 (1).jpeg, Captura de pantalla 2026-01-18 a las 19.07.16 (1).jpeg]

In Local In Policy, you can see this:

[Screenshots attached: Captura de pantalla 2026-01-18 a las 19.18.01.jpeg, Captura de pantalla 2026-01-18 a las 19.18.12.jpeg, Captura de pantalla 2026-01-18 a las 19.18.26.jpeg]

The last nmap scan (first 10000 ports) shows this: all the ports (TCP) are open. We are worried...

Thanks for your help.

AEK
SuperUser

I don't see any port similar to the 3 mentioned in your first post.

Then it is probably from the ISP router.

AEK
FortiSpain
New Contributor II

Thank you very much for your help. How can I close almost all the ports on the routers? Because I know I have never opened any port, as the options are quite limited when editing the router. Do you think that having open ports poses a risk when our domestic network is only connected by Ethernet (no WiFi)?

Thanks again.

AEK

How to close ports depends on the brand and model of the router.

An open port (listening service) is an additional risk. One of the main security rules is to close all ports that are not required. The same applies to Ethernet and WiFi.

AEK
FortiSpain
New Contributor II

Thanks again for your time.

Using nmap -sV -sC --top-ports 1000 -T5 --min-rate 1000 -Pn -n, the results are:

PORT     STATE  SERVICE     VERSION
113/tcp  closed ident
2000/tcp open   cisco-sccp?
5060/tcp open   sip?

... like in my first post.

I am a little bit confused. According to ChatGPT (yes, I am using it...), everything is normal and secure.

I occasionally use a phone plugged into the router.

What is your opinion?

Thank you

FortiSpain

Thanks again Manoj,

In the second article, when I go to System >> Settings and then click on "Edit on CLI", "config system settings" does not appear. Instead, this is what I see:

[Screenshot attached: Captura de pantalla 2026-01-22 a las 0.21.08.png]

So the commands do not work...

In the first article, I have to go to "Config System Interface". I have found it under Network >> Interfaces... This is what appears:

[Screenshot attached: Captura de pantalla 2026-01-22 a las 0.33.59.png]

And I do not know which "Interface name" I have to use. If you could let me know exactly what I have to write so I can copy/paste it, that would be great. I am not looking to become a cybersecurity expert... just to make the FortiGate secure and forget about it as soon as possible.

Thank you

mpapisetty

Hi @FortiSpain,

The first article clearly states the exact CLI you need to enter:

config system settings
    set default-voip-alg-mode kernel-helper-based
end

I am not sure why you would go to System Settings and then click on CLI from there. Just access the CLI console from the top right of the screen and put in the commands. Let me know if it doesn't work.

For the second one, you need to disable it on the port facing the internet, if that was the original concern. Essentially, disable it on the ports that you think should stay secure.

HTH
Manoj Papisetty
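The nmap result earlier in the thread (TCP 2000 and 5060 open on the WAN address while no WAN-to-LAN policy exists) and the CLI Manoj posted fit together: with the proxy-based VoIP ALG active, the FortiGate itself answers on the SIP and SCCP ports, independently of the firewall policies. The following Python script is an added example, not code from the thread or from Fortinet. It parses nmap normal-output port lines like the ones posted, sorts each open port into "answered by the FortiGate VoIP ALG", "FortiOS administrative access" or "unexplained, check the upstream router" (AEK's suggestion), and returns the matching check or the remediation CLI from Manoj's post. The FortiOS default admin ports (22, 23, 80, 443) and the sample port lines are assumptions constructed for the example; the set allowaccess interface setting is FortiOS's own, but which interfaces and values apply depends on the poster's configuration.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample input: the port lines the original poster reported, plus two
# extra lines (443 and 8080) added here to exercise the other classification branches.
SAMPLE_NMAP_OUTPUT = """\
PORT      STATE  SERVICE     VERSION
113/tcp   closed ident
443/tcp   open   https
2000/tcp  open   cisco-sccp?
5060/tcp  open   sip?
8080/tcp  open   http-proxy
"""

# One nmap normal-output port line: "<port>/<proto>  <state>  <service> [version]".
# The service column may carry a trailing '?' when nmap is unsure, so it is matched as \S+.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+"
    r"(?P<state>open\|filtered|open|closed|filtered)\s+"
    r"(?P<service>\S+)"
)

# Ports the FortiGate itself answers on while the proxy-based VoIP ALG is active.
VOIP_ALG_PORTS = {("tcp", 2000): "SCCP", ("tcp", 5060): "SIP"}
# FortiOS default administrative access ports (assumption: defaults, not the poster's settings).
ADMIN_PORTS = {("tcp", 22): "SSH", ("tcp", 23): "Telnet", ("tcp", 80): "HTTP", ("tcp", 443): "HTTPS"}

VERDICTS = ("voip-alg", "admin-access", "unexplained")


class Finding(NamedTuple):
    port: int
    proto: str
    state: str
    service: str
    verdict: str


def classify(proto: str, port: int) -> str:
    """Map a (protocol, port) pair to one of the three triage verdicts."""
    key = (proto, port)
    if key in VOIP_ALG_PORTS:
        return "voip-alg"
    if key in ADMIN_PORTS:
        return "admin-access"
    return "unexplained"


def parse_nmap(text: str) -> List[Finding]:
    """Extract every port line from nmap normal output; headers and banner text are skipped."""
    findings = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue
        port, proto = int(m.group("port")), m.group("proto")
        findings.append(Finding(port, proto, m.group("state"), m.group("service"),
                                classify(proto, port)))
    return findings


def triage(text: str) -> Dict[str, List[int]]:
    """Group the ports that actually listen (open / open|filtered) by verdict, sorted."""
    result: Dict[str, List[int]] = {v: [] for v in VERDICTS}
    for f in parse_nmap(text):
        if f.state.startswith("open"):  # closed/filtered ports are not listeners
            result[f.verdict].append(f.port)
    for v in VERDICTS:
        result[v].sort()
    return result


def remediation(summary: Dict[str, List[int]]) -> List[str]:
    """Turn the triage summary into the check or fix each verdict calls for."""
    steps: List[str] = []
    if summary["voip-alg"]:
        steps.append("The FortiGate itself answers on the VoIP ALG ports; "
                     "switch the ALG away from proxy mode (CLI from Manoj's post):")
        steps.extend(["config system settings",
                      "    set default-voip-alg-mode kernel-helper-based",
                      "end"])
    if summary["admin-access"]:
        steps.append(f"Ports {summary['admin-access']} are FortiOS admin defaults; review "
                     "'set allowaccess' on the WAN interfaces so admin access is not internet-facing.")
    if summary["unexplained"]:
        steps.append(f"Ports {summary['unexplained']} are not FortiGate listeners by default; "
                     "check whether the upstream ISP routers are answering instead.")
    return steps


if __name__ == "__main__":
    summary = triage(SAMPLE_NMAP_OUTPUT)
    for verdict, ports in summary.items():
        print(f"{verdict:13s} {ports}")
    print("\n".join(remediation(summary)))
```

Running the script on the constructed sample puts 2000 and 5060 under voip-alg, 443 under admin-access and 8080 under unexplained, and prints the config system settings block only because the voip-alg list is non-empty; feeding it real nmap output simply means pasting the port lines into SAMPLE_NMAP_OUTPUT or reading them from a file.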