FortiGate
akawade
Staff
Article Id 198642

Description


This article describes how to block BGP (TCP port 179) on the WAN interface so that the port is not exposed to scans from external networks.

This also applies when port 179 shows as "open" for the IP addresses defined in an IP pool, even if that pool is not in use.

Solution


There are scenarios in which all BGP traffic arriving at the FortiGate must be blocked.
In that case, a local-in policy can be used to deny the unwanted BGP port on the wan1 interface.
The following example denies traffic that matches the predefined BGP firewall service:

config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "BGP"
        set schedule "always"
    next
end
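To confirm after the fact that the hardening is actually present in a configuration backup, the following added script (not part of the Fortinet article) parses the local-in-policy table of a FortiOS config and reports whether a policy on a given interface denies the BGP service from any source. The sample configuration text embedded below is constructed for the example.

```python
# Added example: audit a FortiOS config backup for a local-in policy that denies
# BGP on a given interface. SAMPLE_CONFIG is constructed, not a real backup.
import shlex

SAMPLE_CONFIG = """\
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "BGP" "SSH"
        set schedule "always"
    next
    edit 2
        set intf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "BGP"
        set schedule "always"
    next
end
"""


def parse_local_in_policies(config_text):
    """Return one dict per 'edit' entry in the firewall local-in-policy table.

    Every 'set' value is stored as a list, because FortiOS allows multiple
    quoted values on one line (e.g. set service "BGP" "SSH").
    """
    policies, current, inside = [], None, False
    for raw in config_text.splitlines():
        tokens = shlex.split(raw.strip())  # shlex handles the quoting
        if tokens == ["config", "firewall", "local-in-policy"]:
            inside = True
        elif inside and tokens[:1] == ["edit"]:
            current = {"id": tokens[1]}
        elif inside and current is not None and tokens[:1] == ["set"]:
            current[tokens[1]] = tokens[2:]
        elif inside and tokens == ["next"] and current is not None:
            policies.append(current)
            current = None
        elif inside and tokens == ["end"]:
            inside = False
    return policies


def bgp_denied_on(config_text, intf):
    """True if a local-in policy on `intf` explicitly denies BGP from any source.

    Only an explicit 'set action deny' counts, so the check errs on the side of
    reporting a gap rather than assuming a default.
    """
    return any(
        p.get("intf") == [intf] and "BGP" in p.get("service", [])
        and p.get("action") == ["deny"] and p.get("srcaddr") == ["all"]
        for p in parse_local_in_policies(config_text)
    )


if __name__ == "__main__":
    for name in ("wan1", "wan2"):
        state = "denied" if bgp_denied_on(SAMPLE_CONFIG, name) else "NOT denied"
        print(f"{name}: BGP {state}")
```

Local-in policies only govern traffic addressed to the FortiGate itself, and a deny with srcaddr "all" also drops sessions from legitimate BGP peers on that interface; if peering is needed there, narrow srcaddr to the peer addresses.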