Technical Note: Allowing FSSO Ports when using Windows Server 2008
Products
FortiGate
Description

Windows Server 2008 introduced a new feature called 'Windows Firewall with Advanced Security'. This feature can sometimes block the FSSO ports, preventing the traffic from reaching the FortiGate.

Solution
Ports 8000 and 8001 should be allowed, either via the GUI or from the command line.

Using the GUI:

Go to Start Menu -> Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security

Using the command line:
For Inbound Traffic:

C:\>netsh advfirewall firewall add rule name="FSAE_TCP_8000" dir=in action=allow protocol=TCP localport=8000
C:\>netsh advfirewall firewall add rule name="FSAE_UDP_8000" dir=in action=allow protocol=UDP localport=8000
C:\>netsh advfirewall firewall add rule name="FSAE_TCP_8001" dir=in action=allow protocol=TCP localport=8001
C:\>netsh advfirewall firewall add rule name="FSAE_UDP_8001" dir=in action=allow protocol=UDP localport=8001

For Outbound Traffic:

C:\>netsh advfirewall firewall add rule name="FSAE_TCP_8000" dir=out action=allow protocol=TCP localport=8000
C:\>netsh advfirewall firewall add rule name="FSAE_UDP_8000" dir=out action=allow protocol=UDP localport=8000
C:\>netsh advfirewall firewall add rule name="FSAE_TCP_8001" dir=out action=allow protocol=TCP localport=8001
C:\>netsh advfirewall firewall add rule name="FSAE_UDP_8001" dir=out action=allow protocol=UDP localport=8001

After the ports have been added, either via the GUI or from the command line, the following entries should be seen:
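
The entries can also be checked from the command line. The script below is an added example, not part of the original note: it looks up each of the eight rule names used above with netsh and reports whether the rule exists, is enabled, and allows the expected protocol and port. It assumes PowerShell is installed on the server and that netsh prints its output in English; the helper name Get-RuleField is made up for this example.

```powershell
# Added example: audit the FSSO firewall rules created by the netsh commands above.
# Assumption: English-language netsh output ("Enabled:", "Protocol:", ...).

function Get-RuleField($text, $field) {
    # Return the value of a "Field:   value" line from netsh output, or $null.
    $line = $text | Where-Object { $_ -match "^$field\s*:" } | Select-Object -First 1
    if ($line) { return ($line -replace "^$field\s*:\s*", '').Trim() }
    return $null
}

$rows = @()
foreach ($dir in 'in', 'out') {
    foreach ($port in 8000, 8001) {
        foreach ($proto in 'TCP', 'UDP') {
            $name = "FSAE_${proto}_${port}"
            # netsh exits non-zero when no rule matches the name and direction.
            $text  = netsh advfirewall firewall show rule name="$name" dir=$dir
            $found = ($LASTEXITCODE -eq 0)

            # A rule passes only if it is enabled, allows traffic, and
            # carries the protocol and local port its name promises.
            $ok = $found -and
                  ((Get-RuleField $text 'Enabled')   -eq 'Yes')    -and
                  ((Get-RuleField $text 'Action')    -eq 'Allow')  -and
                  ((Get-RuleField $text 'Protocol')  -eq $proto)   -and
                  ((Get-RuleField $text 'LocalPort') -eq "$port")

            $rows += New-Object PSObject -Property @{
                Rule      = $name
                Direction = $dir
                Found     = $found
                OK        = $ok
                Profiles  = Get-RuleField $text 'Profiles'
                RemoteIP  = Get-RuleField $text 'RemoteIP'
            }
        }
    }
}

# Show the result and exit non-zero if any rule is missing or mismatched.
$rows | Format-Table Rule, Direction, Found, OK, Profiles, RemoteIP -AutoSize
if ($rows | Where-Object { -not $_.OK }) { exit 1 }
```

A rule whose RemoteIP column shows Any accepts the port from every source address; the remoteip= parameter of netsh advfirewall firewall can restrict a rule to the addresses that need it.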



Last Modified Date: 05-10-2012 Document ID: FD33504