Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BusinessUser
Contributor

Created on ‎09-29-2023 04:25 AM

TCP port 179 is open in firewall

Why is tcp port 179 open in firewall even though BGP is not used?

Because it is scanned as being open.

Is there any way to disable it?

Labels:
18810
0 Kudos
1 Solution
nweckel
Staff
Staff
In response to BusinessUser

Created on ‎10-09-2023 03:59 AM

Let's consider this topology:
172.16.1.1 ------ [LAN1|FGT|LAN2] ----- 192.168.1.1
LAN1 IP address: 172.16.1.2

You can block ping from 172.16.1.1 to 192.168.1.1 using firewall policy with srcintf LAN1 and dstintf LAN2.
But to block ping from 172.16.1.1 to 172.16.1.2, you need a local-in policy.

Easy example: In GUI navigate to Network> Interface. Edit an interface and allow administrative access ping.
This simply creates a local-in policy allow for ping on this interface.
You can display local-in policies in GUI in System> Feature Visibility.
If you don't allow administrative access ping on the interface: default local-in policy is used which is action=drop.

View solution in original post

18432
25 REPLIES 25
srajeswaran
Staff
Staff
In response to BusinessUser

Created on ‎10-08-2023 05:02 AM

A packet with destination IP of any of your interface is a traffic destined to your firewall, not just towards loopback or virtual IP. If you ping your interface IP, that is also a traffic destined to your firewall and it won't be processed by your firewall policies.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
2640
0 Kudos
BusinessUser
Contributor
In response to srajeswaran

Created on ‎10-08-2023 07:15 AM

I dont understand this part: If you ping your interface IP, that is also a traffic destined to your firewall and it won't be processed by your firewall policies.

 

My firewall policies can block or allow ping isnt it?

2634
0 Kudos
nweckel
Staff
Staff
In response to BusinessUser

Created on ‎10-09-2023 03:59 AM

Let's consider this topology:
172.16.1.1 ------ [LAN1|FGT|LAN2] ----- 192.168.1.1
LAN1 IP address: 172.16.1.2

You can block ping from 172.16.1.1 to 192.168.1.1 using firewall policy with srcintf LAN1 and dstintf LAN2.
But to block ping from 172.16.1.1 to 172.16.1.2, you need a local-in policy.

Easy example: In GUI navigate to Network> Interface. Edit an interface and allow administrative access ping.
This simply creates a local-in policy allow for ping on this interface.
You can display local-in policies in GUI in System> Feature Visibility.
If you don't allow administrative access ping on the interface: default local-in policy is used which is action=drop.

18433
BusinessUser
Contributor
In response to nweckel

Created on ‎10-09-2023 07:25 PM

THis totally explains my queries.

Thanks

2590
0 Kudos
hbac
Staff
Staff
In response to BusinessUser

Created on ‎10-07-2023 09:30 AM

Hi @BusinessUser

 

Firewall policies are for traffic passing through the FortiGate. local-in policies are for traffic coming directly to the FortiGate itself. You need to create two local-in policies, one to allow port 179 from ISP router and another one to block port 179 from any IP addresses. 

 

Regards, 

2686
0 Kudos
megumi35
New Contributor

Created on ‎10-08-2023 08:22 AM

I also have just noticed Port 179 is open after running the ShieldsUp test. I have one port closed and Port 179 open, when previously everything was stealth.

I have a Raspberry Pi running Home Assistant and would like to know what is actually using this. Everything else I see is a very vague generic description of 179 and BGP.

https://omegle.onl/ vshare
https://omegle.onl/ vshare
2627
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.