Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Techguy217
New Contributor

Port 8013 for Forticlient

I have a couple questions in regards to the 8013 being open in fortigate for forticlient telemetry.

 

1. Should we have that open all of the time? That seems like a huge risk.

2. We did not have it always open before but recently, users are losing the remote access tab in forticlient when the 8013 policy is not enabled. If we enable it, the remote access tab immediately shows. 

3. The users have all connected to the vpn within the last week and we have the license removal set to max 90 days. 

 

Any ideas why this is happening all of a sudden?

5 REPLIES 5
pgautam
Staff
Staff

Greetings of the day!


Port 8013 is used by FortiClient connecting to Security Fabric (FortiClient Telemetry).

FortiClient is checking if the gateway is a FortiGate, and if yes, it would try to connect to report some information (if FortiGate expects/allows this), so FortiGate would offer greater visibility of connected endpoints.


( references: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/529217

https://docs.fortinet.com/document/forticlient/7.2.0/ems-quickstart-guide/439480/required-services-...).


This port is opened automatically and I believe it can't be disabled ( you can close it using a local-in policy: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-open-ports/ta-p/189671 ).

It is required to be open (the port number can be customized, but a port needs to be open for FCT Telemetry) if you use the EMS. If you want to restrict access to this port for future use you'd have to restrict this to your endpoint IPs (which could be difficult as their IPs might be changing frequently).

Please check the below link for the open ports:- 

https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/303168/fortigate-open-ports

 

 

Regards

Priyanka

Techguy217

The problem is that we can disable the 8013 policy on our fortigate, and all of our forticlients do not lose the remote access, EXCEPT for people on 7.0.2 version of forticlient. All other versions stay connected fine and do not lose the remote access tab. 

 

It's like the 7.0.2 version is losing it's telemetry connection when the 8013 firewall policy is disabled, but all other versions don't lose the connection.

pgautam
Staff
Staff

Greetings of the day!

 

This could be because of the ZTNA implementation from 7. x onwards. In ZTNA telemetry sync is the key with EMS.

 

Regards

Priyanka

 

Techguy217

I'm still confused because this is only happening to our end users on 7.0.2. All versions after 7.0.2 can connect fine to the vpn without the firewall policy for 8013 on. It's like it's a telemetry bug with 7.0.2 only.

spicecourt
New Contributor

Keep in mind though that telemetry is also how you manage the client, so any configuration changes, your client would need to connect via VPN or come into the office to receive those updates. Any vulnerable workstation can’t tell you until they are in (so you cant action based upon that knowledge), and updates can’t get pushed, etc.

https://19216801.onl/ https://routerlogin.uno/
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors