Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mikeymouse
New Contributor

Created on ‎01-06-2022 09:59 AM

Port 8013 causing PCI compliance failure

Hi, relatively new to the world of PCI compliance as well as certificates and need some advice. A PCI scan continues to fail with the certificate connected with port 8013 being the issue. I cannot for the life of me find the service that runs on that port to either shut it off or correct the certificate issue. Any help is greatly appreciated.pci failure.PNG

Labels:
3498
0 Kudos
1 Solution
andrewbailey
Contributor II

Created on ‎01-06-2022 11:28 AM

Hi mikeymouse,

 

The ports used by FortiOS can be found in the documentation site here:-

 

https://docs.fortinet.com/document/fortigate/7.0.0/fortios-ports/637075/incoming-ports

 

It lists port 8013 as being used by FortiClient for "Compliance and Security Fabric".

 

If you aren't using FortiClient (and dont plan to) then you should be able to turn this off via change to the "local in" policy.

 

Again, there is some guidance on the documentation site here:-

 

https://docs.fortinet.com/document/fortigate/7.0.3/administration-guide/363127/local-in-policies

 

I hope that's enough to help you resolve your issues!

 

Kind Regards,

 

 

Andy.

View solution in original post

3490
0 Kudos
3 REPLIES 3
andrewbailey
Contributor II

Created on ‎01-06-2022 11:28 AM

Hi mikeymouse,

 

The ports used by FortiOS can be found in the documentation site here:-

 

https://docs.fortinet.com/document/fortigate/7.0.0/fortios-ports/637075/incoming-ports

 

It lists port 8013 as being used by FortiClient for "Compliance and Security Fabric".

 

If you aren't using FortiClient (and dont plan to) then you should be able to turn this off via change to the "local in" policy.

 

Again, there is some guidance on the documentation site here:-

 

https://docs.fortinet.com/document/fortigate/7.0.3/administration-guide/363127/local-in-policies

 

I hope that's enough to help you resolve your issues!

 

Kind Regards,

 

 

Andy.

3491
0 Kudos
Debbie_FTNT
Staff
Staff

Created on ‎01-07-2022 05:24 AM

To elaborate on Andrew's response, if you don't use FortiClient or FortiAP, you can disable (depending on your FortiGate firmware version) either disable FortiTelemetry or Security Fabric (which is FortiTelemetry and CAPWAP bundled) on the interface(s). If you do use FortiAPs for wireless stuff, and only have the Security Fabric option, you can't disable it. In that case a local-in policy as Andrew advised is your best option.

 

Cheers!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
3426
0 Kudos
mikeymouse
New Contributor

Created on ‎01-07-2022 07:17 AM

Thanks, the local in policy solved my issue then. I appreciate the responses!

3423
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.