Community,
I have the following configured in the FortiGate Service Object configuration.
@hbac with all respect, TCP/0-1:0-1 means destination port 0 to 1 : source port 0 to 1, both TCP. So TCP/0:0 means TCP (destination port 0 and source port 0).
My concern was, and is, that TCP/0:0 would basically mean TCP (destination port ANY and source port ANY).
But the test proved that this is incorrect.
Still I'm wondering why someone would add TCP/0:0 as a service?
Can you open this object and share a screenshot of its config?
Like this?
I think it means TCP is simply not considered in this service.
Hmm... Or perhaps the other way around: all IP addresses (0.0.0.0), all source ports (0) and all destination ports (0) are allowed.
To ignore or not to ignore, that is the question. ;)
So just test it. Put it in a test policy and see if it allows or denies any TCP.
Hmmm..
@AEK Thanks, good tip. Honestly, I did not think of it.
Okay. Done.
Once I added the "Web Access" service group the policy was being used, meaning the traffic did not match the TCP/0:0 filter.
The question then actually still remains.
What does TCP/0:0 mean, and when will it be hit?
Source port = 0 and destination port = 0 ? If that is the case, what type of traffic, application, will that be?
Hi @WillemK,
TCP/0:0 means TCP destination port range from 0 to 0. If you only use UDP, you can simply change the Protocol Type to UDP.
Regards,
You are correct for the first part. However, TCP/0:0 is the opposite of ANY. No traffic will use source or destination port 0 which means TCP traffic will never match this service. As I mentioned, if this custom service is used for only UDP you can change the Protocol Type to UDP.
Regards,
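To make the notation concrete, here is an added example (my own code, not FortiOS code and not from any post in this thread) that models the service port syntax as described above: destination range first, source range after the colon. Assumptions, labelled as such: a missing source range means any source port, several space-separated entries in one service are ORed, and port 0 is reserved and never appears in real traffic, so a range of exactly 0-0 on either side can never be hit.

```python
"""Model of FortiGate custom-service port-range matching.

Assumption: this is an illustrative model of the dst[:src] notation discussed
in the thread, not FortiOS code. Port semantics:
  - "TCP/0-1:0-1"  -> destination ports 0-1, source ports 0-1
  - "TCP/80 443"   -> destination 80 or 443, any source port
"""
from dataclasses import dataclass
from typing import List, Tuple

ANY_PORT = (0, 65535)  # assumption: no source range given means any source port


@dataclass(frozen=True)
class PortRange:
    lo: int
    hi: int

    def contains(self, port: int) -> bool:
        return self.lo <= port <= self.hi


def parse_range(text: str) -> PortRange:
    """Parse '443' or '0-1' into an inclusive range, rejecting bad values."""
    lo_s, sep, hi_s = text.partition("-")
    lo = int(lo_s)
    hi = int(hi_s) if sep else lo
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return PortRange(lo, hi)


def parse_service(spec: str) -> Tuple[str, List[Tuple[PortRange, PortRange]]]:
    """Parse 'PROTO/dst[:src] [dst[:src] ...]' into (protocol, [(dst, src), ...]).

    Destination range comes before the colon and source range after it,
    matching the reading given in the thread for TCP/0-1:0-1.
    """
    proto, sep, ports = spec.partition("/")
    if not sep or not ports.strip():
        raise ValueError(f"expected PROTO/ports, got {spec!r}")
    entries = []
    for entry in ports.split():
        dst_s, sep2, src_s = entry.partition(":")
        dst = parse_range(dst_s)
        src = parse_range(src_s) if sep2 else PortRange(*ANY_PORT)
        entries.append((dst, src))
    return proto.upper(), entries


def service_matches(spec: str, proto: str, dst_port: int, src_port: int) -> bool:
    """True if a packet with these ports would match the service object."""
    sproto, entries = parse_service(spec)
    if sproto != proto.upper():
        return False
    return any(d.contains(dst_port) and s.contains(src_port) for d, s in entries)


def can_ever_match_real_traffic(spec: str) -> bool:
    """Port 0 is reserved and never used on the wire (assumption stated above),
    so an entry is only usable if both its ranges include some port >= 1."""
    _, entries = parse_service(spec)
    return any(d.hi >= 1 and s.hi >= 1 for d, s in entries)


if __name__ == "__main__":
    # Constructed specs: the one from the thread next to a few ordinary ones.
    for spec in ("TCP/0:0", "TCP/0-1:0-1", "TCP/80 443", "TCP/0-65535"):
        print(f"{spec:14} can be hit by real traffic: "
              f"{can_ever_match_real_traffic(spec)}")
    # An HTTP request from an ephemeral port, as the "Web Access" test did.
    print("HTTP vs TCP/0:0 ->", service_matches("TCP/0:0", "TCP", 80, 51234))
```

Running it shows TCP/0:0 is the only spec that can never be hit, which lines up with the test result reported above: the "Web Access" traffic on destination port 80/443 from an ephemeral source port falls outside a 0-0 destination range, so the policy was not matched. If the object is meant only for UDP, the fix hbac suggests (change the protocol type) is the right one rather than trying to widen the TCP range.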