Hi,
A pen test on our outside IP shows us that port 2000 (Cisco Skinny Clients (IP Phones)) and 5060 (Session Initiation Protocol).
We don't need those ports. And our security office wand to close these ports.
We are running on software version: v5.4.5
The configuration change we did to close port 5060:
conf global
config system session-helper
delete 13
end
And for port 2000 we used the following:
conf vdom
(vdom) # edit Firewall
# config voip profile
(profile) # edit default
(default) # config sccp
(sccp) # set status disable
(sccp) # end
But unfortunately this did not close the ports.
Does anyone has a suggestion to close these 2 ports.
I hope someone can help me. Thanks in advance.
Greetings Palermo
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Did you run a diag to look at active ports
e.g
diag ip udp list | grep 13C4
NOTE port numbers are in HEX value
Ken
PCNSE
NSE
StrongSwan
I disabled SIP ALG but these ports still show as open on a 60D with firmware 5.6.3
Palerm0 wrote:
A reboot is not necessary, Clearing the sessions worked for us:
diagnose sys session filter
diagnose sys session filter dport 5060
diagnose sys session clear
diagnose sys session filter dport 2000
diagnose sys session clearIt may help others :)
Greetings
Palermo
Thanks for this! I found that in an HA environment, the disabling effectively never occurs because a reboot just passes the sessions back and forth. This cleared them for me and the behavior then finally changed.
Palerm0 wrote:
But unfortunately this did not close the ports.
Does anyone has a suggestion to close these 2 ports.
I hope someone can help me. Thanks in advance.
Greetings Palermo
Hello my name is Marco,
i am looking for a solution for the same problem. But we have some IP weher we use that ports
so i am looking for a solution to block these ports for speacial ip´s. We are running 5.4.9 on a 240d
Thanks and regards
Marco
I wanted to share my experience regarding disabling ports, specifically ports 2000 and 5060. It's important to remember that if you're using a scanner behind another Fortigate that isn't directly involved in the scanning, you need to take that into account and disable the necessary settings on it as well. I kept receiving information about an open port on the target Fortigate, but the issue was caused by the Fortigate behind which I was running the scan. It had the default-voip-alg-mode set to proxy. Once I disabled this setting, the problem was resolved. ;)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1629 | |
1060 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.