yeowkm99
Contributor

TCP port 514 in FortiAnalyzer

During a recent VAPT security scan, TCP port 514 was flagged as having a weak SSL cert.

The recommendation was to get a proper SSL certificate for the appliance.

Can we disable port 514 on the Analyzer?

My firmware version is 6.4.10. Will upgrade to version 7.2 soon.

 

Contact the Certificate Authority to have the certificate reissued.
Purchase or generate a proper certificate for this service.
1 Solution
Debbie_FTNT
Staff

You can generate a certificate via Let's Encrypt for example, and use that instead (replace the server certificate in FortiAnalyzer system settings):

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/718606/provision-a-trusted-certificate-...

-> the guide is for FortiGate, but generating the certificate is very similar on FortiAnalyzer

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

srajeswaran
Staff

TCP port 514 on FortiAnalyzer is used by FortiGates to connect and send logs; unfortunately, we cannot disable that.

https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/766616/fortianalyzer-open-por...

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
