FortiGate
naveenk
Staff
Article Id 190962
Description
This article explains how to close undesired open ports on the FortiGate so that it is not scanned from external sources and does not respond to unusual requests.

Solution
Use local-in policies to close open ports or otherwise restrict access to FortiOS.
The following example closes all ICMP services on the WAN1 interface by blocking traffic that matches the ALL_ICMP firewall service.


# config firewall local-in-policy
    edit <ID>
        set intf wan1
        set srcaddr all
        set dstaddr all
        set action deny
        set service ALL_ICMP
        set schedule always
    end

This policy denies ICMP requests coming from all sources to the WAN1 interface.
It is possible to exempt or include specific sources under set srcaddr.
Other services can be blocked the same way, using either the predefined services or custom services created under Policy and Object -> Services.
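
The following is an added example, not part of the original article, that combines the two options mentioned above: a custom service and a source exemption. The object names, the 203.0.113.0/24 subnet, TCP port 8443 and the policy IDs 1 and 2 are assumptions chosen for illustration; replace them with values that fit the environment and with IDs that are not already in use.

```fortios
# Added example; every name, subnet, port and ID below is a constructed placeholder.

# 1. Address object for the sources that keep access (documentation range).
config firewall address
    edit "trusted-mgmt"
        set subnet 203.0.113.0 255.255.255.0
    next
end

# 2. Custom service for the port to close (8443/tcp is an assumed example).
config firewall service custom
    edit "CLOSE_TCP_8443"
        set tcp-portrange 8443
    next
end

# 3. Local-in policies on wan1, created in this order:
#    the accept entry for the trusted sources comes first,
#    the deny entry for all other sources comes second.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "trusted-mgmt"
        set dstaddr "all"
        set action accept
        set service "CLOSE_TCP_8443"
        set schedule "always"
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "CLOSE_TCP_8443"
        set schedule "always"
    next
end
```

After applying, `show firewall local-in-policy` prints the configured entries so the order and the matched service can be reviewed.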
