I have a couple questions in regards to the 8013 being open in fortigate for forticlient telemetry.
1. Should we have that open all of the time? That seems like a huge risk.
2. We did not have it always open before but recently, users are losing the remote access tab in forticlient when the 8013 policy is not enabled. If we enable it, the remote access tab immediately shows.
3. The users have all connected to the vpn within the last week and we have the license removal set to max 90 days.
Any ideas why this is happening all of a sudden?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Greetings of the day!
Port 8013 is used by FortiClient connecting to Security Fabric (FortiClient Telemetry).
FortiClient is checking if the gateway is a FortiGate, and if yes, it would try to connect to report some information (if FortiGate expects/allows this), so FortiGate would offer greater visibility of connected endpoints.
( references: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/529217
This port is opened automatically and I believe it can't be disabled ( you can close it using a local-in policy: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-open-ports/ta-p/189671 ).
It is required to be open (the port number can be customized, but a port needs to be open for FCT Telemetry) if you use the EMS. If you want to restrict access to this port for future use you'd have to restrict this to your endpoint IPs (which could be difficult as their IPs might be changing frequently).
Please check the below link for the open ports:-
https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/303168/fortigate-open-ports
Regards
Priyanka
The problem is that we can disable the 8013 policy on our fortigate, and all of our forticlients do not lose the remote access, EXCEPT for people on 7.0.2 version of forticlient. All other versions stay connected fine and do not lose the remote access tab.
It's like the 7.0.2 version is losing it's telemetry connection when the 8013 firewall policy is disabled, but all other versions don't lose the connection.
Greetings of the day!
This could be because of the ZTNA implementation from 7. x onwards. In ZTNA telemetry sync is the key with EMS.
Regards
Priyanka
I'm still confused because this is only happening to our end users on 7.0.2. All versions after 7.0.2 can connect fine to the vpn without the firewall policy for 8013 on. It's like it's a telemetry bug with 7.0.2 only.
Keep in mind though that telemetry is also how you manage the client, so any configuration changes, your client would need to connect via VPN or come into the office to receive those updates. Any vulnerable workstation can’t tell you until they are in (so you cant action based upon that knowledge), and updates can’t get pushed, etc.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.