This article describes one reason why an internet port scan reports ports on a FortiGate as open even though the FortiGate itself never responds to the scanner.
Scope
FortiGate.
Solution
Port scanning tools frequently report well-known port numbers such as tcp-2000, tcp-8013, tcp-8008, tcp-8010 and tcp-8015 as open on the FortiGate public IP address.
Some port scanning tools show positive results for these ports. For example, with 10.47.3.36 as the FortiGate public IP in this example, the Zenmap port scanning tool consistently reports them as discovered open ports, as shown in the screenshot below:
A telnet from a Windows Command Prompt to the FortiGate public IP on one of these ports also connects successfully:
However, the FortiGate is not actually responding to the port scanning or security scanning tool. A packet capture taken on the FortiGate proves this: either no packets from the scanner are received at all:
Or only the first packet of the TCP handshake, the SYN, is received repeatedly from the scanning tool, and the FortiGate sends no SYN/ACK or RST in reply.
One reason the scanning tool reports open ports is that a device in the path, such as a proxy or an unknown device performing proxy inspection, completes the TCP handshake on behalf of the FortiGate. The scanner therefore sees an open port that the FortiGate never answered. For this reason, it is not recommended to port scan a FortiGate public IP address over the internet; scan it point-to-point instead, so that the result reflects the FortiGate itself and not an intermediate device.
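The practical check that follows from the above is to reconcile what the scanner reported with what the FortiGate packet capture actually shows for each port. The Python script below is an added example, not part of the original article or of any Fortinet tool. The capture text is constructed for the example and only approximates the verbose-level-4 line layout of the FortiGate `diagnose sniffer packet` command (time, interface, direction, `src.sport -> dst.dport: flags`); the scanner address 203.0.113.10, the packet timings and sequence numbers are assumptions. For each port the scanner called open, the script reports whether the FortiGate completed the handshake, answered with RST, received only SYNs, or never saw the traffic at all; anything other than a completed handshake points at an intermediate device answering on the FortiGate's behalf.

```python
"""Reconcile an internet port-scan result against an on-box FortiGate capture.

Added example (not from the article). The capture lines approximate the
verbose-4 output of `diagnose sniffer packet any 'host 10.47.3.36' 4`:
"<time> <intf> <in|out> <src>.<sport> -> <dst>.<dport>: <flags> ...".
"""
import re
from collections import defaultdict

FORTIGATE_IP = "10.47.3.36"  # public-facing address used in the article's example

# Ports the scanner reported as open (constructed, mirroring the article's list).
SCANNER_OPEN_PORTS = [2000, 8008, 8010, 8013, 8015]

# Constructed capture: tcp/8013 shows a real SYN / SYN-ACK / ACK exchange,
# tcp/8008 shows only repeated SYNs reaching the FortiGate with no answer,
# and the remaining scanned ports never appear in the capture at all.
CAPTURE = """\
1.002134 wan1 in 203.0.113.10.51234 -> 10.47.3.36.8013: syn 3120594270
1.002201 wan1 out 10.47.3.36.8013 -> 203.0.113.10.51234: syn 1882091 ack 3120594271
1.002389 wan1 in 203.0.113.10.51234 -> 10.47.3.36.8013: ack 1882092
1.105510 wan1 in 203.0.113.10.51240 -> 10.47.3.36.8008: syn 2201000100
2.106811 wan1 in 203.0.113.10.51240 -> 10.47.3.36.8008: syn 2201000100
4.109222 wan1 in 203.0.113.10.51240 -> 10.47.3.36.8008: syn 2201000100
"""

LINE_RE = re.compile(
    r"^(?P<ts>[\d.]+)\s+(?P<intf>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<flags>.*)$"
)


def parse_line(line):
    """Return the fields of one sniffer line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["sport"] = int(fields["sport"])
    fields["dport"] = int(fields["dport"])
    fields["flags"] = fields["flags"].split()
    return fields


def observe(capture, fgt_ip=FORTIGATE_IP):
    """Per destination port: inbound SYNs seen, SYN-ACKs and RSTs sent by the FortiGate."""
    seen = defaultdict(lambda: {"syn_in": 0, "synack_out": 0, "rst_out": 0})
    for line in capture.splitlines():
        p = parse_line(line)
        if p is None:
            continue
        flags = p["flags"]
        if p["dst"] == fgt_ip and flags[:1] == ["syn"] and "ack" not in flags:
            seen[p["dport"]]["syn_in"] += 1          # scanner's SYN reached the box
        elif p["src"] == fgt_ip and "syn" in flags and "ack" in flags:
            seen[p["sport"]]["synack_out"] += 1      # FortiGate really answered
        elif p["src"] == fgt_ip and "rst" in flags:
            seen[p["sport"]]["rst_out"] += 1         # FortiGate actively refused
    return seen


def verdict(evidence):
    """Translate the per-port evidence into what the capture proves."""
    if evidence["synack_out"]:
        return "open: FortiGate completed the TCP handshake"
    if evidence["rst_out"]:
        return "closed: FortiGate answered with RST"
    if evidence["syn_in"]:
        return "syn only: SYNs reached the FortiGate but it did not answer"
    return "not reached: no packets for this port seen on the FortiGate"


def reconcile(scanner_open_ports, capture, fgt_ip=FORTIGATE_IP):
    """Map each port the scanner called open to what the on-box capture shows."""
    seen = observe(capture, fgt_ip)
    return {port: verdict(seen[port]) for port in scanner_open_ports}


def suspect_ports(scanner_open_ports, capture, fgt_ip=FORTIGATE_IP):
    """Ports reported open that the FortiGate capture cannot confirm; these
    results were most likely produced by a device between scanner and FortiGate."""
    results = reconcile(scanner_open_ports, capture, fgt_ip)
    return sorted(port for port, v in results.items() if not v.startswith("open"))


if __name__ == "__main__":
    for port, v in reconcile(SCANNER_OPEN_PORTS, CAPTURE).items():
        print(f"tcp-{port}: {v}")
    print("unconfirmed by the FortiGate:", suspect_ports(SCANNER_OPEN_PORTS, CAPTURE))
```

With the constructed capture, only tcp-8013 is confirmed by the FortiGate; tcp-8008 matches the "SYN received, no response" case from the article, and tcp-2000, tcp-8010 and tcp-8015 match the "no packet received" case, so all four are flagged as scanner results that the FortiGate did not produce.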