Fortigate 50B (Can't activate/enable custom service "PORT")

Posted on 2011-10-24
Last Modified: 2013-11-29
Hello Experts,

I have a very strange issue with the Fortigate 50B IPS.
I have a Kerio Connect mail server in my company. Yesterday I created a firewall policy for it with the ports as explained; my problem is custom services/ports. I have created an IMAPS/993 service/port and added it to the policy, but the firewall is dropping it. Actually, the firewall drops all custom services/ports I made. Predefined services/ports work fine.

Ideas? Why do custom services/ports not work?
Please help.
Thank you,

Service (default port)       Outgoing connection       Incoming connection
SMTP (25)       allow       allow
SMTPS (465)       allow       allow
SMTP Submission (587)[a]      allow       allow
POP3 (110)       allow       deny
POP3S (995)       allow       allow
IMAP (143)       allow       deny
IMAPS (993)       allow       allow
NNTP (119)       allow       deny
NNTPS (563)       allow       allow
LDAP (389)       allow       deny
LDAPS (636)       allow       allow
HTTP (80, 4040, 8800)       allow       deny
HTTPS (443, 4040, 8443)       allow       allow

Question by:DanSmir

    Expert Comment

    When you create the custom port (service), what do you put for the source port config? You should leave them at 1-65535.
    Is that what you did?

    Author Comment

    Chakko, nnnno,  see attached.  port

    Accepted Solution

    Is this a rule for a client PC (for example) on the LAN that needs to get to the internet via port 563?

    You want the source port setting to be Low: 1, High: 65535.
    Leave the destination as you have it: Low/High: 563.
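
An added example, not part of the thread: a Python check that parses custom-service definitions and flags any whose source port range is narrower than 1-65535, the setting the accepted solution corrects. The `tcp-portrange` syntax `dst[-dst][:src-src]`, the service names and the sample config are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of a FortiOS custom-service listing,
# trimmed to the lines this check reads (not taken from the thread).
# Assumed syntax: set tcp-portrange <dst_low>[-<dst_high>][:<src_low>-<src_high>]
SAMPLE_CONFIG = """\
config firewall service custom
    edit "IMAPS-bad"
        set tcp-portrange 993:993-993
    next
    edit "IMAPS-good"
        set tcp-portrange 993:1-65535
    next
    edit "NNTPS-default-src"
        set tcp-portrange 563
    next
end
"""
FULL_SRC = (1, 65535)  # source range the accepted solution recommends

def parse_range(text):
    """'563' -> (563, 563); '1-65535' -> (1, 65535)."""
    low, _, high = text.partition("-")
    return int(low), int(high or low)

def parse_services(config):
    """Return (name, proto, dst_range, src_range) for every port range found."""
    services, name = [], None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r'edit "?([^"]+)"?$', line)
        if m:
            name = m.group(1)
        m = re.match(r"set (tcp|udp)-portrange (.+)$", line)
        if m and name:
            for spec in m.group(2).split():
                dst, _, src = spec.partition(":")
                src_range = parse_range(src) if src else FULL_SRC
                services.append((name, m.group(1), parse_range(dst), src_range))
    return services

def restricted_source_services(config):
    """Services that match only when the client's source port is in a narrow range."""
    return [s for s in parse_services(config) if s[3] != FULL_SRC]

def matches(service, src_port, dst_port):
    """Would this service definition match a packet with these ports?"""
    _, _, (dlo, dhi), (slo, shi) = service
    return dlo <= dst_port <= dhi and slo <= src_port <= shi
```

A client connecting to port 993 normally uses a high, varying source port, so `matches()` returns False for the service with source range 993-993 and the policy never applies to that traffic.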


    Author Comment

    Firewall should listen to some specific external port and redirect it to internal, not to a range? Am I wrong?

    Author Comment


    Oh god, it is so strange, man, but you're right :)

    Thank you!!!

    Author Closing Comment

    Thank you!!!

    Expert Comment

    Do you want a connection from the internet (POP3) TCP 110 to come into your firewall and then go to your Kerio mail server?

    You need to create a Virtual IP setup for that and use that Virtual IP in your firewall rule. In the Virtual IP setup you specify the port. Then in the firewall rule you can leave ANY for the service or use your custom service (port), but since the Virtual IP setup specifies the port already, the firewall rule can use ANY.

    Author Comment


    Thanks man, but the Virtual IP is configured; that was the easiest thing. I had a problem only with services/ports.

    Thanks again.
