Solved

Forigate Custom Firewall Service - Source Port Range Question

Posted on 2014-01-09
1
770 Views
1 Endorsement
Last Modified: 2014-01-12
We have a fortigate 100D - v4.0, build0665, 130514 (MR3 Patch 14). I need to create a new service. When I look at the programming of one of the other custom services (port 83) as an example, I notice the source port has a range of 83 to 65535 and the destination port is set to only 83. Here is the CLI programming…

config firewall service custom
    edit "83"
        set protocol TCP/UDP/SCTP
        set tcp-portrange 83:83-65535
    next
end

I’m not sure why the range is set. Should it only be port 83 or should I set the range? I’m looking for the best practice and the pitfalls of using and/or not using the range.
1
Comment
Question by:SamSchulman
1 Comment
 
LVL 26

Accepted Solution

by:
Soulja earned 500 total points
ID: 39768157
The source ports should range from 1-65535 and your destinations port should be the port you are trying to access.

When sources connect to a destination through TCP/IP,  they will generate a random source port. That is why you want to allow that range. Now of course if your application uses a fixed source port for some reason you would use that, but most cases the source port is a range stated above.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hi there, This article summarizes what you need if you are going to set up your home or small business Network Attached Storage (NAS) to be accessible from the internet. Of course there are configuration differences based on your NAS or router ma…
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now