We are failing an external PCI scan because port 1000 and 1003 are open and listening on old security protocols. How can I disable these ports? I read that they are disabled by default, but they seem to be open. It looks like they are for Authentication. Thanks in advance.
You say 1000/1003 are listening on old-security protocols. Whose old protocols? Built-in FortiGate or your own?
What is the Fortigate model and firmware?
Have you looked at your local-in policies?
Have you opened a support ticket?
These are related to the keepalive for user authentication and not necessarily traffic trying to communicate outbound. You will see these messages when you have the logging set to log all traffic.
HTH
d
The ports are controlled via sys global
e.g.
set auth-http-port
set auth-https-port
If you have fwpolicy enabled with user auth, then these are open.
Ken
PCNSE
NSE
StrongSwan
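Added example (not from the original thread): a FortiOS CLI fragment that keeps the default auth ports but denies them on the external interface with a local-in policy, which is the usual way to close them to an outside scanner without breaking internal user authentication. The interface name "wan1" and the service object name are assumptions.

```text
# Where the two ports come from (defaults shown; unchanged here)
config system global
    set auth-http-port 1000
    set auth-https-port 1003
end

# Service object covering both authentication ports
config firewall service custom
    edit "FGT-AUTH-PORTS"
        set tcp-portrange 1000 1003
    next
end

# Local-in policy: drop connections to those ports arriving on the
# external interface ("wan1" is an assumed name; use your WAN interface)
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "FGT-AUTH-PORTS"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

Re-run the external scan afterwards; the ports should show as filtered on the WAN side while captive-portal authentication on internal interfaces keeps working.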
I filed a bug report for this 0488051. Hopefully it would be fixed if needed. So far it seems fine if open... ???
Copyright 2024 Fortinet, Inc. All Rights Reserved.