Description
This article describes how to block BGP port 179 on the WAN interface.
Blocking the port prevents it from being found by scans from external networks.
This also applies when port 179 shows as "open" on the IPs defined in an ippool (even if the ippool is not used).
Solution
In some scenarios it is required to block all BGP service in the network.
In that case, a local-in policy can be used to block the unwanted BGP port on the WAN1 interface.
The following example blocks traffic that matches the BGP firewall service.
# config firewall local-in-policy
    edit 1
        set intf wan1
        set srcaddr all
        set dstaddr all
        set action deny
        set service BGP
        set schedule always
    next
end
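To confirm from a saved configuration that the policy above is actually in place, the following added example (not part of the original article and not Fortinet code) parses the `config firewall local-in-policy` section and reports how BGP is handled per interface. The sample text, the function names, and two assumptions are the example's own: policies are read top to bottom, and a policy with no `set action` line is treated as deny.

```python
import shlex

# Constructed sample in the style of FortiOS "show" output (not a real device).
SAMPLE = """\
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "BGP"
        set schedule "always"
    next
    edit 2
        set intf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "BGP"
        set schedule "always"
    next
end
"""

def parse_local_in(config_text):
    """Return local-in policies as dicts, in the order they appear."""
    policies, current, inside = [], None, False
    for raw in config_text.splitlines():
        tokens = shlex.split(raw.strip().lstrip("# "))  # drop a leading CLI prompt
        if tokens[:3] == ["config", "firewall", "local-in-policy"]:
            inside = True
        elif not inside or not tokens:
            continue
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = {"id": [tokens[1]]}
            policies.append(current)
        elif tokens[0] == "set" and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] == "end":
            inside, current = False, None
    return policies

def bgp_verdict(policies, intf):
    """Action of the first enabled any-to-any policy on intf whose service is BGP."""
    for p in policies:
        if (p.get("status") != ["disable"] and intf in p.get("intf", [])
                and p.get("srcaddr") == ["all"] and p.get("dstaddr") == ["all"]
                and "BGP" in p.get("service", [])):
            # Assumption: an absent "set action" means deny (hidden default).
            return p.get("action", ["deny"])[0]
    return "no-policy"
```

Any interface that returns `accept` or `no-policy` is not covered by a blanket BGP deny and should be reviewed.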