4.4.2 Block applications running on non-default ports

Information

Ensure FortiGate Application Control blocks applications running on non-default ports.

Rationale:

Running an application on a non-default port is not in itself a threat, but it can be an indication of something unexpected, and it undermines any control that relies on port numbers to identify protocols. For example, HTTPS normally runs on port 443; if an attacker starts a rogue HTTPS server on port 10443, it could be used for data exfiltration that a port-based rule would never see. With this option enabled, Application Control blocks traffic whose detected application does not match the port it is using. Before enforcing it, identify legitimate services that intentionally run on custom ports (for example, a management interface on an alternate HTTPS port), since they will be blocked as well.

Solution

GUI:

1. Go to 'Security Profiles' > 'Application Control'.
2. Select the relevant Application Control profile.
3. Enable the 'Block applications detected on non-default ports' option and apply the change.

CLI:

FGT1 # config application list
FGT1 (list) # edit <profile name>
FGT1 (<profile name>) # set enforce-default-app-port enable
FGT1 (<profile name>) # next
FGT1 (list) # end

Note: the setting is per profile and only affects traffic matched by firewall policies that reference that profile, so repeat it for every Application Control profile in use.

Default Value:

Disabled
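
To verify this item across a whole FortiOS configuration backup instead of opening each profile in the GUI, the following Python script (an added example, not from the benchmark or from Fortinet) parses the `config application list` block and reports the state of each profile. The embedded configuration excerpt is constructed for illustration. Because a `show` backup omits settings that are still at their default value, and the default here is disabled, a profile with no `set enforce-default-app-port` line is treated as non-compliant rather than skipped.

```python
import re
from typing import Dict, List

# Constructed sample: an excerpt of a FortiOS configuration backup with three
# Application Control profiles. "default" has the option enabled, "legacy"
# has it explicitly disabled, and "no-inspect" omits the line entirely (the
# form a `show` backup takes when the value is still at its default, disabled).
SAMPLE_CONFIG = """\
config application list
    edit "default"
        set comment "Monitor all applications."
        set enforce-default-app-port enable
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "legacy"
        set enforce-default-app-port disable
    next
    edit "no-inspect"
        set comment "Created from GUI."
    next
end
config firewall policy
    edit 1
        set name "lan-to-wan"
        set application-list "default"
    next
end
"""

CONFIG_START = re.compile(r"^config application list\s*$")
EDIT_LINE = re.compile(r'^\s*edit "(?P<name>[^"]+)"\s*$')
SETTING_LINE = re.compile(
    r"^\s*set enforce-default-app-port (?P<value>enable|disable)\s*$"
)


def parse_app_control_profiles(config_text: str) -> Dict[str, str]:
    """Return {profile_name: 'enable' | 'disable'} for every Application Control profile.

    Only the top-level `config application list` block is inspected. Nested
    `config entries` sub-blocks are tracked by depth and skipped so that their
    numeric `edit N` lines are never mistaken for profile names. A profile with
    no explicit setting is recorded as 'disable', the FortiOS default.
    """
    profiles: Dict[str, str] = {}
    in_block = False
    depth = 0          # nesting level of `config ... end` inside the block
    current = None     # profile currently being edited

    for line in config_text.splitlines():
        stripped = line.strip()
        if not in_block:
            if CONFIG_START.match(stripped):
                in_block = True
            continue
        if stripped.startswith("config "):
            depth += 1
            continue
        if stripped == "end":
            if depth == 0:
                break          # this `end` closes the application list itself
            depth -= 1
            continue
        if depth > 0:
            continue           # inside `config entries`, not a profile-level line
        m = EDIT_LINE.match(line)
        if m:
            current = m.group("name")
            profiles.setdefault(current, "disable")
            continue
        m = SETTING_LINE.match(line)
        if m and current is not None:
            profiles[current] = m.group("value")
        elif stripped == "next":
            current = None
    return profiles


def non_compliant_profiles(config_text: str) -> List[str]:
    """Names of profiles that do not enforce default application ports."""
    return sorted(
        name for name, value in parse_app_control_profiles(config_text).items()
        if value != "enable"
    )


if __name__ == "__main__":
    for name, value in parse_app_control_profiles(SAMPLE_CONFIG).items():
        status = "PASS" if value == "enable" else "FAIL"
        print(f"{status}  {name}: enforce-default-app-port {value}")
```

Run it against a real backup by replacing `SAMPLE_CONFIG` with the file contents; a `show full-configuration` export lists the setting explicitly for every profile, so the default-handling branch only matters for plain `show` output.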

Item Details

Category: CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-7, 800-53|CP-6, 800-53|CP-7, 800-53|PL-8, 800-53|PM-7, 800-53|SA-8, 800-53|SC-7

Plugin: FortiGate

Control ID: 180bb5dda74d42a6dc7401789710fe6a8cb0e812fafa11dffc2894cecab248a4