Forigate Custom Firewall Service - Source Port Range Question

We have a fortigate 100D - v4.0, build0665, 130514 (MR3 Patch 14). I need to create a new service. When I look at the programming of one of the other custom services (port 83) as an example, I notice the source port has a range of 83 to 65535 and the destination port is set to only 83. Here is the CLI programming…

config firewall service custom
    edit "83"
        set protocol TCP/UDP/SCTP
        set tcp-portrange 83:83-65535

I’m not sure why the range is set. Should it only be port 83 or should I set the range? I’m looking for the best practice and the pitfalls of using and/or not using the range.
Who is Participating?
SouljaConnect With a Mentor Commented:
The source ports should range from 1-65535 and your destinations port should be the port you are trying to access.

When sources connect to a destination through TCP/IP,  they will generate a random source port. That is why you want to allow that range. Now of course if your application uses a fixed source port for some reason you would use that, but most cases the source port is a range stated above.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.