Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Forigate Custom Firewall Service - Source Port Range Question

Posted on 2014-01-09
1
789 Views
1 Endorsement
Last Modified: 2014-01-12
We have a fortigate 100D - v4.0, build0665, 130514 (MR3 Patch 14). I need to create a new service. When I look at the programming of one of the other custom services (port 83) as an example, I notice the source port has a range of 83 to 65535 and the destination port is set to only 83. Here is the CLI programming…

config firewall service custom
    edit "83"
        set protocol TCP/UDP/SCTP
        set tcp-portrange 83:83-65535
    next
end

I’m not sure why the range is set. Should it only be port 83 or should I set the range? I’m looking for the best practice and the pitfalls of using and/or not using the range.
1
Comment
Question by:SamSchulman
1 Comment
 
LVL 26

Accepted Solution

by:
Soulja earned 500 total points
ID: 39768157
The source ports should range from 1-65535 and your destinations port should be the port you are trying to access.

When sources connect to a destination through TCP/IP,  they will generate a random source port. That is why you want to allow that range. Now of course if your application uses a fixed source port for some reason you would use that, but most cases the source port is a range stated above.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question