• Status: Solved
  • Priority: Medium
  • Security: Public

Fortigate 50B (Can't activate/enable custom service "PORT")

Hello Experts,

I have a very strange issue with the Fortigate 50B IPS.
I have a Kerio Connect mail server in my company. Yesterday I created a firewall policy for it with the ports as explained; my problem is custom services/ports. I created an IMAPS/993 service/port and added it to the policy, but the firewall is dropping it. Actually, the firewall drops all the custom services/ports I made. Predefined services/ports work fine.

Ideas? Why do custom services/ports not work?
Please help.
Thank you,
Dan


Service (default port)      Outgoing connection    Incoming connection
SMTP (25)                   allow                  allow
SMTPS (465)                 allow                  allow
SMTP Submission (587)[a]    allow                  allow
POP3 (110)                  allow                  deny
POP3S (995)                 allow                  allow
IMAP (143)                  allow                  deny
IMAPS (993)                 allow                  allow
NNTP (119)                  allow                  deny
NNTPS (563)                 allow                  allow
LDAP (389)                  allow                  deny
LDAPS (636)                 allow                  allow
HTTP (80, 4040, 8800)       allow                  deny
HTTPS (443, 4040, 8443)     allow                  allow

chakko Commented:
When you create the custom port (service), what do you put for the source port config? You should leave them at 1-65535.
Is that what you did?

DanSmir (Author) Commented:
Chakko, nnnno, see attached.

chakko Commented:
Is this a rule for a client PC (for example) on the LAN that needs to get to the internet via port 563?

You want the source port setting to be Low: 1, High: 65535.
Leave the destination as you have it: Low/High: 563.
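
An added example, not part of chakko's answer and not Fortinet tooling: a small Python check that scans a FortiOS-style service export for custom services whose source port range has been narrowed, which is the misconfiguration this answer describes. The sample config and service names are constructed, and the code assumes the CLI form `tcp-portrange <dst>[:<src>]`.

```python
import re

# Constructed sample in FortiOS CLI export style (not taken from the thread).
# Assumed CLI form: tcp-portrange <dst_low>[-<dst_high>][:<src_low>-<src_high>]
SAMPLE_CONFIG = """\
config firewall service custom
    edit "IMAPS-broken"
        set tcp-portrange 993:993-993
    next
    edit "IMAPS-fixed"
        set tcp-portrange 993:1-65535
    next
    edit "NNTPS"
        set tcp-portrange 563
    next
end
"""

# Source ranges that cover every port a client may connect from.
FULL_RANGES = {(1, 65535), (0, 65535)}

def parse_range(text):
    """'563' -> (563, 563); '1-65535' -> (1, 65535)."""
    low, _, high = text.partition("-")
    return int(low), int(high or low)

def audit_custom_services(config_text):
    """Return [(service, dst_range, src_range)] for entries that pin the source port."""
    findings, service = [], None
    for line in config_text.splitlines():
        line = line.strip()
        m = re.match(r'edit "?([^"]+)"?$', line)
        if m:
            service = m.group(1)
            continue
        m = re.match(r"set (?:tcp|udp)-portrange (.+)$", line)
        if not m or service is None:
            continue
        for spec in m.group(1).split():
            dst, _, src = spec.partition(":")
            # No ':<src>' part means the source range is left at its full default.
            if src and parse_range(src) not in FULL_RANGES:
                findings.append((service, parse_range(dst), parse_range(src)))
    return findings

if __name__ == "__main__":
    for name, dst, src in audit_custom_services(SAMPLE_CONFIG):
        print(f"{name}: destination {dst} but source pinned to {src}")
```

A service flagged here only matches traffic whose client-side port falls in the narrowed range, so a policy that uses it will not match normal connections coming from ephemeral source ports.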

DanSmir (Author) Commented:
The firewall should listen on some specific external port and redirect it to an internal one, not to a range? Am I wrong?

DanSmir (Author) Commented:
CHAKKO

Oh god, it is so strange man, but you're right :)

Thank you!!!

DanSmir (Author) Commented:
Thank you!!!

chakko Commented:
Do you want a connection from the internet (POP3) TCP 110 to come into your firewall and then go to your Kerio mail server?

You need to create a Virtual IP setup for that and use that Virtual IP in your firewall rule. In the Virtual IP setup you specify the port. Then in the firewall rule you can leave ANY for the service or use your custom service (port), but since the Virtual IP setup specifies the port already, the firewall rule can use ANY.

DanSmir (Author) Commented:
CHAKKO,

Thanks man, but the Virtual IP is configured; that was the easiest thing. I only had a problem with Services/Ports.

Thanks again.