4.4.2 Block applications running on non-default ports

Information

Ensure FortiGate Application Control blocks applications running on non-default ports.

Running applications on non-default ports is not directly a threat, but can be an indication of something unexpected. For example, HTTPS runs on port 443. Potentially, if an attacker starts a rogue HTTPS server on port 10443, it could be used for data exfiltration.

Solution

GUI:

1. Go to "Security Profiles" > "Application Control".
2. Select relevant App Control profile.

Enable "Block applications detected on non-default ports" option.

On CLI:

FGT1 # config application list

FGT1 (list) # edit <profile name>

FGT1 (<profile name>) # set enforce-default-app-port enable

See Also

https://workbench.cisecurity.org/benchmarks/15284

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3

Plugin: FortiGate

Control ID: 537c4a8c8ac750145c67facd1b56b9d12917ef4c1655564876874eef955caa87