I have a couple questions in regards to the 8013 being open in fortigate for forticlient telemetry.
1. Should we have that open all of the time? That seems like a huge risk.
2. We did not have it always open before but recently, users are losing the remote access tab in forticlient when the 8013 policy is not enabled. If we enable it, the remote access tab immediately shows.
3. The users have all connected to the VPN within the last week and we have the license removal set to max 90 days.
Port 8013 is used by FortiClient connecting to Security Fabric (FortiClient Telemetry).
FortiClient is checking if the gateway is a FortiGate, and if yes, it would try to connect to report some information (if FortiGate expects/allows this), so FortiGate would offer greater visibility of connected endpoints.
It is required to be open (the port number can be customized, but a port needs to be open for FCT Telemetry) if you use the EMS. If you want to restrict access to this port for future use you'd have to restrict this to your endpoint IPs (which could be difficult as their IPs might be changing frequently).
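As an added illustration of the "restrict this to your endpoint IPs" advice above (not configuration from the thread or from Fortinet), the FortiOS CLI fragment below allows TCP 8013 only from the SSL VPN tunnel address pool to a single EMS server address. The interface names (`ssl.root`, `port2`), the address objects, the policy name and all IP ranges are assumptions and must be replaced with the values of the FortiGate in question.

```fortios
# Added example, not from the original thread. Interface names, address
# objects and IP ranges are assumed placeholders.

# Custom service object for FortiClient Telemetry on its default port.
config firewall service custom
    edit "FCT-Telemetry-8013"
        set tcp-portrange 8013
    next
end

# Address objects: the SSL VPN client pool (source) and the EMS server (destination).
config firewall address
    edit "VPN-Client-Pool"
        set type iprange
        set start-ip 10.212.134.200
        set end-ip 10.212.134.210
    next
    edit "EMS-Server"
        set type ipmask
        set subnet 10.20.0.5 255.255.255.255
    next
end

# Policy: only VPN clients from the pool may reach the EMS server on 8013.
# "edit 0" lets FortiOS assign the next free policy ID.
config firewall policy
    edit 0
        set name "VPN-to-EMS-Telemetry"
        set srcintf "ssl.root"
        set dstintf "port2"
        set srcaddr "VPN-Client-Pool"
        set dstaddr "EMS-Server"
        set action accept
        set schedule "always"
        set service "FCT-Telemetry-8013"
        set logtraffic all
    next
end
```

With `logtraffic all` on the policy, every telemetry session from the pool is logged, which gives a per-client record of who registered and when; to confirm traffic is actually hitting the policy, a capture on the FortiGate such as `diagnose sniffer packet any 'tcp port 8013' 4` (filter expression assumed for this example) will show the connections from the pool toward the EMS address.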
The problem is that we can disable the 8013 policy on our fortigate, and all of our forticlients do not lose the remote access, EXCEPT for people on 7.0.2 version of forticlient. All other versions stay connected fine and do not lose the remote access tab.
It's like the 7.0.2 version is losing its telemetry connection when the 8013 firewall policy is disabled, but all other versions don't lose the connection.
I'm still confused because this is only happening to our end users on 7.0.2. All versions after 7.0.2 can connect fine to the VPN without the firewall policy for 8013 on. It's like it's a telemetry bug with 7.0.2 only.
Keep in mind though that telemetry is also how you manage the client, so any configuration changes, your client would need to connect via VPN or come into the office to receive those updates. Any vulnerable workstation can't tell you until they are in (so you can't action based upon that knowledge), and updates can't get pushed, etc.