Created on 05-26-2020 02:14 AM Edited on 02-05-2024 12:42 AM By Jean-Philippe_P
Description
This article describes how to block open ports on the FortiGate.
Solution
The following ports and IP protocols are open on a FortiGate by design:
Ports.
500 & 4500 - VPN
1144 - Fusion Script
3799 - RADIUS Dynamic Authorization (CoA/Disconnect, RFC 5176)
520 - RIP
3784 - BFD Control Protocol
Protocols.
2 - IGMP (Internet Group Management)
89 - OSPF (OSPFIGP)
112 - VRRP
103 - PIM (Protocol Independent Multicast)
For example, if RIP is not used, create a service object for UDP port 520 and a local-in policy that denies that service.
From CLI.
To block any open port or protocol, add a local-in policy that denies the matching traffic. This takes two steps.
Create a service object for the port:
# config firewall service custom
edit "RIP"
set category "General"
set udp-portrange 520
next
end
Add the local-in policy that denies the service:
# config firewall local-in-policy
edit 1
set intf "any"
set srcaddr "all"
set dstaddr "all"
set service "RIP"
set schedule "always"
next
end
Local-in policies control traffic destined to the FortiGate itself (as opposed to traffic routed through it) and are the mechanism for closing open ports or otherwise restricting access to the unit. The action of a local-in policy defaults to deny, so the policy above drops RIP packets arriving on any interface; it can be made explicit with 'set action deny'. Local-in policies are evaluated top-down, first match wins, so place a narrower accept above a broader deny, and restrict 'set intf' to the untrusted interface if the protocol is still needed on other segments.
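The configuration below is an added example, not part of the original article: it extends the single-service RIP case to all of the routing and multicast protocols listed above, shows how the pure IP protocols (OSPF, VRRP, PIM, IGMP) are expressed as service objects with 'set protocol IP' and 'set protocol-number', and scopes the deny to one interface. The interface name "wan1" and the service names prefixed with "BLOCK-" are assumptions; the prefix avoids overwriting FortiOS's predefined service objects.

```fortios
# Added example (not from the original article). "wan1" is an assumed
# interface name; replace it with the Internet-facing interface.
config firewall service custom
    edit "BLOCK-RIP"
        set category "Network Services"
        set udp-portrange 520
    next
    edit "BLOCK-BFD"
        set category "Network Services"
        set udp-portrange 3784
    next
    edit "BLOCK-OSPF"
        set category "Network Services"
        set protocol IP
        set protocol-number 89
    next
    edit "BLOCK-VRRP"
        set category "Network Services"
        set protocol IP
        set protocol-number 112
    next
    edit "BLOCK-PIM"
        set category "Network Services"
        set protocol IP
        set protocol-number 103
    next
    edit "BLOCK-IGMP"
        set category "Network Services"
        set protocol IP
        set protocol-number 2
    next
end

# One deny policy covering every unused protocol, limited to wan1 so that
# routing neighbours on internal interfaces are unaffected. The action is
# set explicitly even though deny is the default.
config firewall local-in-policy
    edit 10
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "BLOCK-RIP" "BLOCK-BFD" "BLOCK-OSPF" "BLOCK-VRRP" "BLOCK-PIM" "BLOCK-IGMP"
        set schedule "always"
        set action deny
    next
end

# Verify: list the local-in policies, then confirm RIP packets arriving on
# wan1 are no longer answered (capture 10 packets, verbose level 4).
show firewall local-in-policy
diagnose sniffer packet wan1 'udp port 520' 4 10
```

Do not add UDP 500 and 4500 to such a deny list on an interface that terminates IPsec VPNs, since that would drop IKE and break the tunnels. IPv6 traffic to the FortiGate is matched by 'config firewall local-in-policy6', which needs its own deny entries.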
Copyright 2024 Fortinet, Inc. All Rights Reserved.