WillemK
New Contributor II

TCP/0:0

Community,

I have the following configured on the FortiGate Service, Object configurations.

 

s-udp-1433      Custom Service    TCP/0:0, UDP/1433
 
What does TCP/0:0 mean in this case?
 
Regards,
 
Willem K.
AEK
SuperUser

Can you open this object and share a screenshot of its config?

WillemK
New Contributor II

 

Like this?

[Screenshot: 2024-01-09 11 34 44.png]

AEK
SuperUser

I think it means TCP is simply not considered in this service.

WillemK
New Contributor II

Hmm.. Or perhaps the other way around: all IP addresses (0.0.0.0), all source ports (0) and all destination ports (0) are allowed.

To ignore or not to ignore, that is the question. ;)

AEK

So just test it. Put it in a test policy and see if it allows or denies any tcp.

WillemK
New Contributor II

Hmmm..
@AEK Thanks. Good tip. Honestly, did not think of it.
Okay. Done.
Once I added the "Web Access" services group the policy was being used, meaning the traffic did not match the TCP/0:0 filter.
The question then actually still remains.
What does TCP/0:0 mean and when will it be hit?
Source port = 0 and destination port = 0? If that is the case, what type of traffic, application, will that be?

hbac

Hi @WillemK

 

TCP/0:0 means TCP destination port range from 0 to 0. If you only use UDP, you can simply change the Protocol Type to UDP. 

 

Regards, 

WillemK
New Contributor II

@hbac with all respect, TCP/0-1:0-1 means destination port 0 till 1 : source port 0 - 1, both TCP. So, TCP/0:0 means TCP (destination port 0 and source port 0).

My concern was, and is, that TCP/0:0 would basically mean TCP (destination port ANY and source port ANY).
But the test proved that this is incorrect.
Still, I'm wondering why someone would add TCP/0:0 as a service?

hbac

@WillemK,  

 

You are correct for the first part. However, TCP/0:0 is the opposite of ANY. No traffic will use source or destination port 0, which means TCP traffic will never match this service. As I mentioned, if this custom service is used for only UDP, you can change the Protocol Type to UDP.

 

Regards, 
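
An added example, not part of any post in this thread and not Fortinet code: a small Python audit helper that reads a service string in the notation discussed above (destination range, then source range after the colon) and flags entries that can only match port 0. The function names and the treatment of an omitted source range as any port are assumptions.

```python
import re

# Notation as read in the thread: PROTO/dst[-dst_hi][:src[-src_hi]].
ENTRY = re.compile(r"(TCP|UDP|SCTP)/(\d+)(?:-(\d+))?(?::(\d+)(?:-(\d+))?)?")
ANY_PORT = (0, 65535)  # assumption: an omitted source range means any port


def _port_range(lo, hi):
    lo, hi = int(lo), int(hi if hi is not None else lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range {lo}-{hi}")
    return (lo, hi)


def parse_service(text):
    """Turn 'TCP/0:0, UDP/1433' into [(proto, dst_range, src_range), ...]."""
    entries = []
    for part in text.split(","):
        m = ENTRY.fullmatch(part.strip().upper())
        if m is None:
            raise ValueError(f"unrecognised service entry: {part!r}")
        proto, dlo, dhi, slo, shi = m.groups()
        src = _port_range(slo, shi) if slo is not None else ANY_PORT
        entries.append((proto, _port_range(dlo, dhi), src))
    return entries


def matches(entries, proto, src_port, dst_port):
    """True if a packet with these ports falls inside any entry."""
    return any(
        p == proto.upper() and d[0] <= dst_port <= d[1] and s[0] <= src_port <= s[1]
        for p, d, s in entries
    )


def inert_entries(entries):
    """Entries pinned to port 0 only, which ordinary traffic never uses."""
    return [e for e in entries if e[1] == (0, 0) or e[2] == (0, 0)]


if __name__ == "__main__":
    svc = parse_service("TCP/0:0, UDP/1433")  # the service string from the question
    print("inert:", inert_entries(svc))
    print("TCP 51000->1433:", matches(svc, "TCP", 51000, 1433))
    print("UDP 51000->1433:", matches(svc, "UDP", 51000, 1433))
```

Run over an export of custom service definitions, `inert_entries` lists the protocol parts that can be dropped by switching the service to a single protocol type, as suggested in the reply above.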