question

phantomscribe asked

What is the best way to block malicious traffic to my WAN interface?

How do I prevent malicious actors from scanning my ports, and attempting brute force login to my WAN interface?
Tags: FortiOS, Port policy

1 Answer

logographer answered

It sounds like you are talking about administrative access to your WAN interface.

By default, when you allow administrative access on an interface such as your WAN, then your FortiGate will listen for traffic on the specified ports from any devices. If you don't want that, you can restrict admin access through the use of trusted hosts defined in your System Administrators. By defining trusted hosts on your Admins, your FortiGate will not listen on other devices not in the list.

Another, more granular way of restricting access is using Local-In policies. Local-In policies define what traffic destined for the FortiGate interface it will listen to. By default, FortiGate does not listen to any ports, as defined in the Any/Any/Any/Drop default rule. But in practice, it listens on many ports as you enable services on the FortiGate, whether it's SSL VPN, IPsec VPN, BGP, DHCP, etc.

You can see the list of ports & services under Policy & Objects > Local In Policy. If you don't see this in the GUI, you must enable the view under System > Feature Visibility. Note that this page is read-only.

To define granular rules, for example to block traffic from certain sources, use the CLI to configure them:

config firewall {local-in-policy | local-in-policy6}
    edit <policy_number>
        set intf <interface>
        set srcaddr <source_address> [source_address] ...
        set dstaddr <destination_address> [destination_address] ...
        set action {accept | deny}
        set service <service_name> [service_name] ...
        set schedule <schedule_name>
        set comments <string>
    next
end

See this page for information:

https://docs.fortinet.com/document/fortigate/6.4.8/administration-guide/363127/local-in-policies

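As an added worked example (not part of the answer above, and not Fortinet's documentation), here is a concrete FortiOS CLI configuration that combines the two suggestions: trusted hosts on the administrator account, plus local-in policies on the WAN interface that accept the management services only from a management address object and deny the same services from every other source. The interface name wan1, the address object name mgmt-hosts, the administrator name admin and the 203.0.113.0/24 network are assumptions chosen for the example; substitute your own values.

```fortios
# Address object for the hosts that are allowed to manage the FortiGate.
# 203.0.113.0/24 is a constructed example network, not a real management range.
config firewall address
    edit "mgmt-hosts"
        set subnet 203.0.113.0 255.255.255.0
        set comment "Workstations allowed to reach GUI/SSH on the WAN interface"
    next
end

# First layer: trusted hosts on the admin account. With a trusthost set, the
# FortiGate only accepts logins for this account from the listed network,
# no matter which interface the login arrives on.
config system admin
    edit "admin"
        set trusthost1 203.0.113.0 255.255.255.0
    next
end

# Second layer: local-in policies on wan1. They are evaluated top-down, so the
# accept for the management hosts must come before the deny for everyone else.
# Both entries use the predefined HTTPS and SSH services; add HTTP, SNMP, PING
# or others here only if you actually expose them on the WAN side.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "mgmt-hosts"
        set dstaddr "all"
        set action accept
        set service "HTTPS" "SSH"
        set schedule "always"
        set comments "Management access from trusted hosts only"
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "HTTPS" "SSH"
        set schedule "always"
        set comments "Drop management attempts from any other source"
    next
end
```

Two practical checks before committing this on a production unit: configure the accept entry (policy 1) before the deny entry (policy 2) and from a session that is not itself coming in over wan1, otherwise the deny can cut off the session you are working from; and, after `end`, review the result with `show firewall local-in-policy` to confirm the policy order. Note that local-in policies only govern traffic addressed to the FortiGate itself; traffic passing through the unit is still handled by the normal firewall policies, and ports with no service enabled were never open in the first place.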
