Firstly, I have not tested this, but I don't see why it should not work.
Scenario -> Allow SSH access to the FortiGate if the same user is knocking on ports 1001, 1002 and 1003.
1. Configure a firewall policy to deny external access to the SSH port by default.
2. Set up FortiGate to log connection attempts whenever someone tries accessing the closed ports.
3. These logs should be monitored properly on a syslog server (FGT should send these logs live).
4. A Python script should be created which always monitors the logs. When it sees that a user has knocked on 1001, 1002 and 1003 in that order, then the script should send API or SSH commands to the FortiGate which basically modify or add a firewall policy (only for that user) to be able to SSH to the machine. If a time limit could be set for the amount of time the port will be open, then even better.
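One way to implement the monitoring script from step 4, as an added example that is not part of the original post and not Fortinet code. The log lines are constructed to approximate the FortiOS key=value traffic log format (srcip, dstport, proto, action) as it would arrive at the syslog server; the `open_access` and `close_access` callbacks are hypothetical placeholders for the FortiGate API or SSH call that adds and later removes the per-source SSH policy, which the post does not spell out. The tracker enforces the knock order, a time window for the whole sequence, and the time limit on the opened port.

```python
import re
from datetime import datetime

# Ports that must be hit in exactly this order (the scenario in the post)
KNOCK_SEQUENCE = (1001, 1002, 1003)
KNOCK_WINDOW_SECONDS = 30   # all knocks must arrive within this many seconds
OPEN_SECONDS = 120          # how long the temporary SSH allow policy lives

# Constructed sample lines approximating FortiOS traffic logs for denied hits.
# Only the fields this script reads matter; the rest is decoration.
SAMPLE_LOGS = [
    # 203.0.113.5 knocks 1001, 1002, 1003 in order within the window -> granted
    'date=2024-05-01 time=10:00:00 devname="FGT60F" type="traffic" subtype="local" srcip=203.0.113.5 srcport=51000 dstip=192.0.2.1 dstport=1001 proto=6 action="deny"',
    'date=2024-05-01 time=10:00:03 devname="FGT60F" type="traffic" subtype="local" srcip=203.0.113.5 srcport=51001 dstip=192.0.2.1 dstport=1002 proto=6 action="deny"',
    'date=2024-05-01 time=10:00:05 devname="FGT60F" type="traffic" subtype="local" srcip=203.0.113.5 srcport=51002 dstip=192.0.2.1 dstport=1003 proto=6 action="deny"',
    # 198.51.100.7 hits the right ports in the wrong order -> no grant
    'date=2024-05-01 time=10:00:10 devname="FGT60F" type="traffic" subtype="local" srcip=198.51.100.7 srcport=42000 dstip=192.0.2.1 dstport=1002 proto=6 action="deny"',
    'date=2024-05-01 time=10:00:11 devname="FGT60F" type="traffic" subtype="local" srcip=198.51.100.7 srcport=42001 dstip=192.0.2.1 dstport=1001 proto=6 action="deny"',
    'date=2024-05-01 time=10:00:12 devname="FGT60F" type="traffic" subtype="local" srcip=198.51.100.7 srcport=42002 dstip=192.0.2.1 dstport=1003 proto=6 action="deny"',
    # UDP hit on a knock port is ignored: the sequence is TCP only (proto=6)
    'date=2024-05-01 time=10:00:20 devname="FGT60F" type="traffic" subtype="local" srcip=203.0.113.99 srcport=33000 dstip=192.0.2.1 dstport=1001 proto=17 action="deny"',
    # 198.51.100.9 knocks in order but takes longer than the window -> no grant
    'date=2024-05-01 time=10:01:00 devname="FGT60F" type="traffic" subtype="local" srcip=198.51.100.9 srcport=36000 dstip=192.0.2.1 dstport=1001 proto=6 action="deny"',
    'date=2024-05-01 time=10:01:10 devname="FGT60F" type="traffic" subtype="local" srcip=198.51.100.9 srcport=36001 dstip=192.0.2.1 dstport=1002 proto=6 action="deny"',
    'date=2024-05-01 time=10:01:45 devname="FGT60F" type="traffic" subtype="local" srcip=198.51.100.9 srcport=36002 dstip=192.0.2.1 dstport=1003 proto=6 action="deny"',
]

# FortiOS-style key=value fields; values are either double-quoted or bare
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fortigate_log(line):
    """Return a dict of the key=value fields in one log line (quotes stripped)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def log_timestamp(fields):
    """Combine the date= and time= fields into a POSIX timestamp."""
    stamp = f"{fields['date']} {fields['time']}"
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").timestamp()


class KnockTracker:
    """Tracks per-source progress through the knock sequence and open grants."""

    def __init__(self, open_access, close_access, sequence=KNOCK_SEQUENCE,
                 window=KNOCK_WINDOW_SECONDS, open_seconds=OPEN_SECONDS):
        self.open_access = open_access    # hypothetical: add the per-source policy
        self.close_access = close_access  # hypothetical: remove it again
        self.sequence = tuple(sequence)
        self.window = window
        self.open_seconds = open_seconds
        self.progress = {}  # srcip -> (index of next expected port, first-knock time)
        self.granted = {}   # srcip -> timestamp at which the policy must be removed

    def feed(self, line):
        """Process one log line; return the source IP if it just completed the sequence."""
        f = parse_fortigate_log(line)
        # Only denied TCP hits count as knocks; anything else is noise for this purpose
        if f.get("action") != "deny" or f.get("proto") != "6":
            return None
        src = f.get("srcip")
        if not src or not f.get("dstport", "").isdigit():
            return None
        return self._knock(src, int(f["dstport"]), log_timestamp(f))

    def _knock(self, src, port, now):
        idx, started = self.progress.get(src, (0, now))
        if idx == 0 or now - started > self.window:
            idx, started = 0, now  # fresh start, or the previous attempt timed out
        if port != self.sequence[idx]:
            # Out-of-order knock: drop progress, unless it is a restart on the first port
            if port == self.sequence[0]:
                self.progress[src] = (1, now)
            else:
                self.progress.pop(src, None)
            return None
        idx += 1
        if idx < len(self.sequence):
            self.progress[src] = (idx, started)
            return None
        # Whole sequence seen in order and within the window
        self.progress.pop(src, None)
        self.granted[src] = now + self.open_seconds
        self.open_access(src, self.open_seconds)
        return src

    def expire_grants(self, now):
        """Remove grants whose time limit has passed; returns the sources closed."""
        expired = [ip for ip, until in self.granted.items() if until <= now]
        for ip in expired:
            del self.granted[ip]
            self.close_access(ip)
        return expired


def process_logs(lines, tracker):
    """Feed every line to the tracker and return the sources that were granted."""
    return [src for src in (tracker.feed(line) for line in lines) if src]


def demo_run(lines=SAMPLE_LOGS):
    """Run the sample logs through a tracker with recording callbacks."""
    actions = []
    tracker = KnockTracker(
        open_access=lambda ip, secs: actions.append(("open", ip, secs)),
        close_access=lambda ip: actions.append(("close", ip)),
    )
    granted = process_logs(lines, tracker)
    # Simulate the periodic cleanup pass, run after the last log plus the open time
    last = log_timestamp(parse_fortigate_log(lines[-1]))
    tracker.expire_grants(last + OPEN_SECONDS)
    return granted, actions


if __name__ == "__main__":
    print(demo_run())
```

In a real deployment the lines would come from the syslog receiver's stream instead of a list, `expire_grants` would run on a timer, and the two callbacks would carry the FortiGate policy change; the detection logic itself does not change.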
Hi @ben6400 ,
We do not support Port Knocking (you can't find any information about it in the FortiOS Admin Guide).
However, you may use some third-party tool to accomplish this:
https://www.youtube.com/watch?v=-6KO-rZzXP8&ab_channel=ComputermanStevenPolley
Copyright 2024 Fortinet, Inc. All Rights Reserved.