Fortinet white logo
Fortinet white logo

Handbook

Service port settings

Service port settings

By default, the FortiDDoS system listens for HTTP traffic on TCP service port 80, SSL/TLS traffic on TCP service port 443 and DTLS traffic on UDP service port 443.

If the servers in your network use nonstandard ports for HTTP, SSL/TLS or DTLS traffic, you can configure the system to listen for these protocols on nonstandard service ports. You can configure up to 128 HTTP, SSL/TLS or DTLS service ports or port ranges.

Note: If you have configured or removed a Service Port AFTER you have created System Recommended Thresholds, you must run them again for every SPP.

The system recommended threshold procedure excludes HTTP & SSL service ports from the port configuration ranges that it generates. When user-configured HTTP and SSL service ports are enabled, the packet rate thresholds for the user-configured ports are set to a high rate. If HTTP or SSL service port configuration is subsequently removed, the threshold remains at the high rate until you change it manually or perform the System Recommended Threshold procedure.

Before you begin:

  • You must have Read-Write permission for Global Settings.
To configure HTTP Service Port settings:
  1. Go to Service Protection > Service Protection Policy > {SPP List} > Service Protection Policy > Service Port Settings
  2. Enter list of ports or port ranges, each separated by a space
  3. Click Save.

Tooltip

To configure using the CLI:

config ddos spp rule

edit <spp_name>

set http-service-port <value>

set ssl-service-port <value>

next

end

Service port settings

Service port settings

By default, the FortiDDoS system listens for HTTP traffic on TCP service port 80, SSL/TLS traffic on TCP service port 443 and DTLS traffic on UDP service port 443.

If the servers in your network use nonstandard ports for HTTP, SSL/TLS or DTLS traffic, you can configure the system to listen for these protocols on nonstandard service ports. You can configure up to 128 HTTP, SSL/TLS or DTLS service ports or port ranges.

Note: If you have configured or removed a Service Port AFTER you have created System Recommended Thresholds, you must run them again for every SPP.

The system recommended threshold procedure excludes HTTP & SSL service ports from the port configuration ranges that it generates. When user-configured HTTP and SSL service ports are enabled, the packet rate thresholds for the user-configured ports are set to a high rate. If HTTP or SSL service port configuration is subsequently removed, the threshold remains at the high rate until you change it manually or perform the System Recommended Threshold procedure.

Before you begin:

  • You must have Read-Write permission for Global Settings.
To configure HTTP Service Port settings:
  1. Go to Service Protection > Service Protection Policy > {SPP List} > Service Protection Policy > Service Port Settings
  2. Enter list of ports or port ranges, each separated by a space
  3. Click Save.

Tooltip

To configure using the CLI:

config ddos spp rule

edit <spp_name>

set http-service-port <value>

set ssl-service-port <value>

next

end