Support Forum
FortiSpain
New Contributor II

PORTS

Good morning,

 

We have a FortiGate 50G installed at home. The device has been set up by the company who sold it to us. The FortiGate is used over 2 routers from 2 different providers. We have asked the company to close all the ports as the use of internet here is domestic. When using nmap in order to check possible open ports, the results are:

113/tcp  closed ident
2000/tcp open   cisco-sccp
5060/tcp open   sip

 

I have used the WAN IP of the Forti as the target. Maybe I am doing it wrongly... Here is the Firewall Policy:

 

[Three screenshots of the firewall policy, taken 2026-01-14 at 12:24]

The company told us that the ports are closed but here at home we are a little bit worried. Please, could you confirm that the policies are correct in order to close all the ports? If so, how is it possible that nmap shows open ports (I have done the process 4 or 5 times)?

 

We are not professionals here and our only goal is to be completely protected.

 

Thank you very much.

 

FortiSpain

It is very late here... in the article about port 113, I go to network >> interfaces then click "edit" on one of them. I can press the "Edit in CLI" button, I write "edit" + the name of the interface, then the rest of the command but the system says "unknown action"... I am tired. I will try again tomorrow.

 

Have a good night

FortiSpain

Good afternoon Manoj,

 

I went to system settings because the title of the command is "config system settings"... So I followed the following:

 

[Screenshot of the system settings page, taken 2026-01-22 at 02:40]

 

My confusion comes from the fact that the word "CLI" does not appear on the top right of the screen... Now, I have found it. I have applied the commands of the articles you sent and these are the nmap results:

 

PORT     STATE    SERVICE
113/tcp  closed   ident
2000/tcp filtered cisco-sccp
5060/tcp filtered sip

 

Are these results right?

 

Thank you for confirming.

 

 

FortiSpain

Hi Manoj,

 

This is my second reply today. I have run the following command on nmap:

sudo nmap -sS --top-ports 3000 -T4 -n

 

I can connect to the firewall through 2 different IPs (one for each router).

 

Results (Router A):

 

Not shown: 2996 filtered tcp ports (no-response)
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
113/tcp closed ident
443/tcp open   https

 

Results (Router B):

 

Not shown: 3000 filtered tcp ports (no-response)

 

I would like to close the open ports. Could you be so kind as to let me know the steps I have to follow?

 

Thank you

mpapisetty

The open ports are enabled under the interface. For the interface connected to Router A, just disable the admin access ports. Here is the reference - https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-administrative-access-on-...

HTH
Manoj Papisetty
FortiSpain

Thank you... But once done, the access to the Firewall is not possible. What do you recommend?

mpapisetty

Haha. I hope I am not being made fun of here. We open ports to access the firewall, but I thought you wanted to close the ports. And hence I showed you the path. 

 

Do you want the ports open or closed? And if you have a detailed end state in mind, I could help better. 

 

HTH
Manoj Papisetty
FortiSpain

I have closed port 22. I will leave 80 and 443 open. If I need to connect to the firewall via ssh, I will open it again.

After running nmap to search for vulnerabilities, I have found this:

443/tcp open  ssl/https
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| fingerprint-strings:
|   GetRequest:
|     HTTP/1.1 200 OK
|     Content-Encoding: gzip
|     Content-Type: text/html
|     ETag: c7ydcg56t6G85Nd83bgn9qsQgrgcq749
|     X-Frame-Options: SAMEORIGIN
|     Content-Security-Policy: frame-ancestors 'self'
|     X-XSS-Protection: 1; mode=block
|     Strict-Transport-Security: max-age=63072000
|     Date: Fri, 23 Jan 2026 00:36:45 GMT
|     Connection: close
|     _Ij2~
|     ]lXl
|     ?VC%
|     #PJ*
|     Ef8?
|     nNMZ
|_    ."!eb
| http-method-tamper:
|   VULNERABLE:
|   Authentication bypass by HTTP verb tampering
|     State: VULNERABLE (Exploitable)
|       This web server contains password protected resources vulnerable to authentication bypass
|       vulnerabilities via HTTP verb tampering. This is often found in web servers that only limit access to the
|        common HTTP methods and in misconfigured .htaccess files.

 

 

Do I have to be worried?

 

On the other hand, I have downloaded the Fortinet Certificate, which has been installed in the Keychain of my computer (login section). It is marked as "non trustable" (sorry for my poor translation...). Do I have to change this to "trustable"?

 

My goal is to be as protected as possible... But being able to enter in the firewall interface at least.

 

Thanks again

AEK

Leaving admin ports open on the WAN interface is a very bad idea for security.

Leave them open only on the LAN interface. In case you need to administer your equipment from the WAN, then it is better to do it through VPN or PAM.

AEK
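
The two replies above (disable admin access on the WAN-facing interface; keep management reachable only from the LAN) can be checked and applied with a small script. This is an added example and not code from the thread, from Fortinet or from the forum: it parses the nmap output format shown in this thread (the constructed sample mirrors the Router A result), reports which FortiOS management ports answered as open, and prints the FortiOS CLI that restricts `allowaccess` on the WAN interface to ping only. The interface name `wan1` is an assumption; check the real name under Network > Interfaces before pasting anything.

```python
"""Audit an external nmap scan of a FortiGate WAN address for exposed
management ports and build the FortiOS CLI that removes them.

Added example for this thread; not FortiSpain's, Fortinet's or the forum's code.
Assumes the WAN interface is called "wan1" (hypothetical) and that only ping
should stay reachable from the internet.
"""
import re

# TCP ports that FortiOS listens on for the corresponding "allowaccess" protocol.
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 161: "snmp", 443: "https"}

# Constructed sample mirroring the "Router A" result posted earlier in the thread.
SAMPLE_SCAN = """\
Not shown: 2996 filtered tcp ports (no-response)
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
113/tcp closed ident
443/tcp open   https
"""

# One nmap port line: "<port>/<proto> <state> <service>".
LINE_RE = re.compile(
    r"^(\d+)/(tcp|udp)\s+(open|closed|filtered|open\|filtered)\s+(\S+)"
)


def parse_nmap(text):
    """Return {port: state} for every port line in nmap's normal output."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            result[int(m.group(1))] = m.group(3)
    return result


def exposed_mgmt_ports(scan):
    """Management ports that replied SYN/ACK, i.e. a service is really listening.

    'closed' (RST came back) and 'filtered' (no response at all) both mean
    nothing answered; 'filtered' is what a deny policy or disabled
    allowaccess looks like from the outside.
    """
    return sorted(p for p, state in scan.items() if state == "open" and p in MGMT_PORTS)


def fortios_allowaccess(interface, keep=("ping",)):
    """FortiOS CLI that limits admin access on `interface` to the protocols in `keep`.

    "set allowaccess" replaces the whole list, so every protocol that should
    remain must be named; an empty list becomes "unset allowaccess".
    """
    lines = ["config system interface", f'    edit "{interface}"']
    if keep:
        lines.append("        set allowaccess " + " ".join(keep))
    else:
        lines.append("        unset allowaccess")
    lines += ["    next", "end"]
    return "\n".join(lines)


def audit(text, interface="wan1"):
    """Return (verdict, fix): a one-line verdict and the CLI to apply (empty if clean)."""
    exposed = exposed_mgmt_ports(parse_nmap(text))
    if not exposed:
        return "no management ports reachable on this WAN address", ""
    names = ", ".join(f"{p}/{MGMT_PORTS[p]}" for p in exposed)
    return f"management ports exposed on the WAN: {names}", fortios_allowaccess(interface)


if __name__ == "__main__":
    verdict, fix = audit(SAMPLE_SCAN)
    print(verdict)
    print(fix)
```

Because `allowaccess` is set per interface, restricting it on the WAN interface does not touch the LAN interface, so the GUI and SSH stay reachable from inside the house; rerunning the scan from outside afterwards should show 22, 80 and 443 as filtered, just like the 2000 and 5060 results earlier in the thread.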
AEK
SuperUser

"I use occasionally a phone plugged to the router"

 

That explains why SIP and SCCP are listening.

If you want to protect them with the FortiGate you will need to change your design to bring your VoIP behind the firewall instead of leaving it at front-end router level.

Meanwhile you should keep everything patched (router, phone, FGT) to avoid known vulnerabilities, and you may also work with a pentester to check if there are some exploitable breaches.

AEK
FortiSpain
New Contributor II

Hi AEK and thank you very much for your time.

 

If you want to protect them with the FortiGate you will need to change your design to bring your VoIP behind the firewall instead of leaving it at front-end router level.

 

That sounds very good. I asked the company who installed the firewall to do it but they say that they are not able to do it.

 

Could you be so kind as to let me know the steps in order to bring my VoIP behind the firewall? It is really important for us.

 

Thank you.
