So we use a FortiManager to manage all our remote firewalls. To enable the manager's access to the remote FortiGates, you have to enable fgfm-access on the interface that it will be connecting to. When you do this, it opens up port 541. All other management interfaces (SSH, HTTP/HTTPS, Telnet, ping, SNMP) get restricted to trusted hosts, but fgfm-access gets opened up to the whole internet. Now, the port is secure, but auditors freak out and customers don't understand. Does anyone have any idea if there is a way to make this port appear as closed on a port scan instead of open? The best I have come up with is something like this:
config firewall local-in-policy
    edit 2
        set intf "port7"
        set srcaddr "Test_Public"
        set dstaddr "all"
        set service "FortiManager_541"
        set schedule "always"
        set action accept
    next
    edit 1
        set intf "port7"
        set srcaddr "all"
        set dstaddr "all"
        set service "FortiManager_541"
        set schedule "always"
        set action deny
    next
end
This at least changes the state to filtered on a port scan. Let me know if anyone has any ideas.
FCNSA/FCNSP
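The open/closed/filtered distinction the post is chasing comes down to how the firewall answers a TCP SYN: a SYN/ACK reads as open, a RST as closed, and silence (what a drop rule produces) as filtered. The following is an added example, not code from the original post or from Fortinet: a minimal connect-scan classifier in the same terms nmap uses, plus a demo that exercises the open and closed cases against a throwaway listener on 127.0.0.1 (a constructed fixture; the filtered case needs a real dropping device and cannot be reproduced offline). The hostname `fw.example.invalid` in `scan_ports` is a placeholder.

```python
import socket


def classify_port(host, port, timeout=2.0):
    """Classify one TCP port the way a connect scan would report it.

    open     - SYN answered with SYN/ACK: something is listening
    closed   - SYN answered with RST: host reachable, nothing listening
    filtered - no answer (or an ICMP unreachable): a device dropped the probe
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # Kernel received a RST for our SYN.
        return "closed"
    except socket.timeout:
        # Nothing came back within the timeout: silently dropped.
        return "filtered"
    except OSError:
        # EHOSTUNREACH / ENETUNREACH etc.: ICMP error instead of silence,
        # which scanners also lump under "filtered".
        return "filtered"
    finally:
        s.close()


def scan_ports(host, ports, timeout=2.0):
    """Return {port: state} for a list of ports, e.g. the management set."""
    return {p: classify_port(host, p, timeout) for p in ports}


def start_listener():
    """Constructed fixture: a TCP listener on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_port():
    """Constructed fixture: a loopback port with nothing listening on it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Show the two states we can produce locally: open and closed."""
    srv, open_port = start_listener()
    try:
        return {
            "listening": classify_port("127.0.0.1", open_port),
            "not listening": classify_port("127.0.0.1", free_port()),
        }
    finally:
        srv.close()


if __name__ == "__main__":
    for label, state in demo().items():
        print(f"{label:>14}: {state}")
    # Against a real firewall you would run something like:
    #   scan_ports("fw.example.invalid", [22, 443, 541])
    # and a denied 541 shows up as "filtered", not "closed".
```

Run against a FortiGate with the deny rule from the post in place, port 541 lands in the third branch: the probe is dropped, the connect times out, and the scanner prints "filtered". A port only ever reads as "closed" when the host actively answers the SYN with a RST, which a silent drop rule by definition does not do.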