Information
Ensure FortiGate Application Control blocks applications running on non-default ports.
Running applications on non-default ports is not directly a threat, but can be an indication of something unexpected. For example, HTTPS runs on port 443. Potentially, if an attacker starts a rogue HTTPS server on port 10443, it could be used for data exfiltration.
Solution
GUI:
1. Go to "Security Profiles" > "Application Control".
2. Select relevant App Control profile.
Enable "Block applications detected on non-default ports" option.
On CLI:
FGT1 # config application list
FGT1 (list) # edit <profile name>
FGT1 (<profile name>) # set enforce-default-app-port enable