Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JACKINLI
New Contributor

Created on ‎03-11-2024 12:14 AM

Questions about FortiGuard 8015 port exposure

We have such a problem now,

We are a branch company , when our headquarters company swept the public network IP and exposed ports, they swept to this port (8015).

So , we not want other public networks (except FortiGuard) can access our 8015 port.

Do you have any good suggestions or solutions ?

FortiGuard  

Labels:
4911
0 Kudos
7 REPLIES 7
AEK
SuperUser
SuperUser

Created on ‎03-11-2024 02:32 AM

Local-in policy is used for that purpose.

config firewall local-in-policy

However it doesn't support ISDB as source address, so the idea is to get the IP range or FQDN that you allow to access this port. You can open a ticket to ask Fortinet support to provide you with the FortiGuard related source addresses.

AEK
AEK
4890
JACKINLI
New Contributor
In response to AEK

Created on ‎03-11-2024 06:15 PM

OK , thanks , I have opened a case , but the reply there is relatively slow . They said the FortiGuard server does not have a specific address table.

4849
0 Kudos
AEK
SuperUser
SuperUser
In response to JACKINLI

Created on ‎03-12-2024 01:19 AM

Then you have 3 options:

  • Disable it as suggested by @hbac if you don't need it
  • Use local-in-policy with GeoIP address object to limit access to this port
  • Leave it open if the two above options are not possible
AEK
AEK
4824
hbac
Staff
Staff

Created on ‎03-11-2024 06:56 AM

Hi @JACKINLI,

 

Port 8015 is used by the FortiGate to authenticate with FortiGuard when a https override request occurs in flow mode (FortiGuard web filter https override authentication). If you don't use that feature, you can disable it. Please refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Resolve-issue-web-filter-block-overr...

 

Regards,

4875
JACKINLI
New Contributor
In response to hbac

Created on ‎03-11-2024 06:25 PM

Excuse me, when communicating with FortiGuard of Fortinet, can we set the policy of interacting with FortiGuard to a certain source address, such as does FortiGuard have a specific address table? 

We will use this 8015 port , but we don't want the public network to scan this 8015 port . How can we do it ? If FortiGuard has a specific address table , it can be achieved.

4846
0 Kudos
ZenSecure
New Contributor

Created on ‎04-08-2024 08:33 AM

I find it disconcerting that these new "Features" happen with no notice or warning until they show up on a vulnerability scan or external audit.  For a security company the lack of change management and Q&A exhibited by Fortinet lately is extreme.  The solutions offered to this issue are not solutions, they are saying turn it off if it's not in use or change the port it's mapped to, which doesn't change the outcome.

4359
0 Kudos
AEK
SuperUser
SuperUser
In response to ZenSecure

Created on ‎04-08-2024 10:39 AM

Unfortunately this is IT, there must be bugs and vulnerabilities, and each time we need to find the best workaround until the fix is released.

AEK
AEK
4352
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.