Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JACKINLI
New Contributor

Questions about FortiGuard 8015 port exposure

We have such a problem now,

We are a branch company , when our headquarters company swept the public network IP and exposed ports, they swept to this port (8015).

So , we not want other public networks (except FortiGuard) can access our 8015 port.

Do you have any good suggestions or solutions ?

FortiGuard 

7 REPLIES 7
AEK
SuperUser
SuperUser

Local-in policy is used for that purpose.

config firewall local-in-policy

However it doesn't support ISDB as source address, so the idea is to get the IP range or FQDN that you allow to access this port. You can open a ticket to ask Fortinet support to provide you with the FortiGuard related source addresses.

AEK
AEK
JACKINLI
New Contributor

OK , thanks , I have opened a case , but the reply there is relatively slow . They said the FortiGuard server does not have a specific address table.

AEK

Then you have 3 options:

  • Disable it as suggested by @hbac if you don't need it
  • Use local-in-policy with GeoIP address object to limit access to this port
  • Leave it open if the two above options are not possible
AEK
AEK
hbac
Staff
Staff

Hi @JACKINLI,

 

Port 8015 is used by the FortiGate to authenticate with FortiGuard when a https override request occurs in flow mode (FortiGuard web filter https override authentication). If you don't use that feature, you can disable it. Please refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Resolve-issue-web-filter-block-overr...

 

Regards,

JACKINLI
New Contributor

Excuse me, when communicating with FortiGuard of Fortinet, can we set the policy of interacting with FortiGuard to a certain source address, such as does FortiGuard have a specific address table? 

We will use this 8015 port , but we don't want the public network to scan this 8015 port . How can we do it ? If FortiGuard has a specific address table , it can be achieved.

ZenSecure
New Contributor

I find it disconcerting that these new "Features" happen with no notice or warning until they show up on a vulnerability scan or external audit.  For a security company the lack of change management and Q&A exhibited by Fortinet lately is extreme.  The solutions offered to this issue are not solutions, they are saying turn it off if it's not in use or change the port it's mapped to, which doesn't change the outcome.

AEK

Unfortunately this is IT, there must be bugs and vulnerabilities, and each time we need to find the best workaround until the fix is released.

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors