web services posts on fortigate
Good morning friends, a question.
I have several web services posts on fortigate. According to a report, I see that the attack events are related to the http port.
What considerations should I have before removing the http port in the publication?
Is it simply changing the port in the VIP? Or is it also required to make changes to the web servers?
Hi @unknown1020,
If you don't want port 80 to be exposed, you can remove the VIP that forwards port 80.
Regards,
Hello, thank you for responding, but the port change must be made in the VIP and also on the server, right?
Hi Unknown
You can change to HTTPS, but this will not prevent attacks. The best solution to block the attacks is to use a separate WAF appliance between the FG and the back-end server.
If the server is just for test purposes or you can't use a separate WAF, then you may use FortiGate's WAF profile with a virtual server object.
As mentioned by AEK, changing the port number is not a solution.
Besides the WAF, have a look at the DoS policies inside the FGT as well. Might help you to prevent some of the attacks.
https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/771644/dos-policy
Thanks for the response. A question: when configuring a DoS policy, could that configuration increase the firewall CPU consumption? I have planned to first put it in monitor mode to view the events, then apply the respective locks.
I think a DoS policy will consume the same CPU in either monitor mode or block mode. As per my experience with it, it doesn't consume significant processing (nothing visible).
Hi unknown1020
A good strategy is to record a baseline of memory, CPU and sessions on busy and normal business days for the firewall operation.
Having that will help you in the future to identify whether a feature (not only DoS policies) or any change on the network has affected the environment.
As mentioned by my colleague AEK, I don't think enabling a DoS policy will add significant CPU usage.
Of course, every feature that you enable will always consume an amount of CPU and memory even if it is not in use. As a good practice, always disable features that you don't need.
Cheers
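
The monitor-first rollout discussed in this thread, sketched as FortiOS CLI. This is an added example, not configuration posted by any participant. The policy ID `1`, the interface `wan1`, the `all` address objects and both threshold values are constructed placeholders to replace with your own, and the `#` lines are annotations for the reader.

```fortios
# Phase 1: monitor. Matching anomalies are logged, traffic still passes.
# Policy ID, interface, addresses and thresholds are constructed placeholders.
config firewall DoS-policy
    edit 1
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action pass
                set threshold 2000
            next
            edit "tcp_src_session"
                set status enable
                set log enable
                set action pass
                set threshold 5000
            next
        end
    next
end

# Phase 2: after comparing the anomaly logs with your traffic baseline
# and tuning the thresholds, switch each anomaly from pass to block.
config firewall DoS-policy
    edit 1
        config anomaly
            edit "tcp_syn_flood"
                set action block
            next
            edit "tcp_src_session"
                set action block
            next
        end
    next
end
```

Keep phase 1 in place across both a busy and a normal business day, so the thresholds you block on sit above legitimate peaks for the published services.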
