Fortinet Document Library

Version: 6.3.7

Optional: Creating a security list

A security list controls the traffic for your VM instances. For FortiWeb-VM to connect and run properly, it's recommended to allow traffic for the following port numbers.

| Protocol | Port range | Purpose |
|----------|------------|---------|
| TCP | 80 | Allow inbound HTTP web traffic access from all IPv4 and IPv6 addresses. It's required to add this rule and set the port range as 80. |
| TCP | 443 | Allow inbound HTTPS web traffic access from all IPv4 and IPv6 addresses. It's required to add this rule and set the port range as 443. |
| TCP | 995 | Allow inbound configuration synchronization requests sent by the peer/remote FortiWeb-VM from all IPv4 and IPv6 addresses. Add this rule if you want to use the Config Synchronization feature of FortiWeb. The port range should be set as 995. |
| TCP | 22 | Allow inbound SSH access from all IPv4 and IPv6 addresses. Add this rule if you want to access FortiWeb-VM through CLI. You can set the port range according to your own needs. |
| TCP | 90 | Allow inbound access requests sent by FortiWeb Manager from all IPv4 and IPv6 addresses. Add this rule only if you use FortiWeb Manager to manage your FortiWeb-VMs. The port range should be set as 90. |
| TCP | 8080 | Allow inbound HTTP access to FortiWeb GUI from all IPv4 and IPv6 addresses. This is optional. The HTTP access to FortiWeb's GUI will be redirected to HTTPS. |
| TCP | 8443 | Allow inbound HTTPS access to FortiWeb GUI from all IPv4 and IPv6 addresses. This is mandatory. |

In addition to the ports listed above, FortiWeb uses other ports for incoming traffic (listening) depending on different purposes. See Appendix A: Port numbers for more information.

To create a security list and allow traffic for certain ports:

  1. Click Default Security List for 10.0.0.0/24, which you defined as the public side of the network.


  2. Note that by default, port 22 is allowed.

  3. Click Edit all Rules > Add Rule. Manually add a rule to allow ports according to your own needs. In this example, the rules allow traffic for ports 22, 90, 995, 80, 443, 8080, and 8443.

  4. Click Save Security List Rules.
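
After saving, the rule set can be checked against the port table above. The following is an added example, not part of the Fortinet documentation: it reports required ports that are missing, GUI/CLI/management ports reachable from any address, and ranges that open ports the table does not list. The JSON field names (`protocol`, `source`, `min`, `max`), the sample rules, and the `ADMIN_PORTS` grouping are assumptions made for illustration.

```python
import ipaddress
import json

# Port table from this page: port -> (purpose, required by the page?)
PAGE_PORTS = {
    80: ("HTTP web traffic", True),
    443: ("HTTPS web traffic", True),
    8443: ("HTTPS access to GUI", True),
    8080: ("HTTP access to GUI, redirected to HTTPS", False),
    22: ("SSH / CLI", False),
    90: ("FortiWeb Manager", False),
    995: ("Config Synchronization", False),
}
# Grouping chosen for this example, based on the purposes in the table.
ADMIN_PORTS = {22, 90, 995, 8080, 8443}

# Constructed sample export; field names are assumed, not a vendor schema.
SAMPLE_RULES = json.loads("""[
  {"protocol": "tcp", "source": "0.0.0.0/0", "min": 80, "max": 80},
  {"protocol": "tcp", "source": "0.0.0.0/0", "min": 443, "max": 443},
  {"protocol": "tcp", "source": "0.0.0.0/0", "min": 22, "max": 22},
  {"protocol": "tcp", "source": "203.0.113.0/24", "min": 8443, "max": 8443},
  {"protocol": "tcp", "source": "0.0.0.0/0", "min": 3000, "max": 3010}
]""")

def audit(rules):
    """Compare TCP ingress rules with the page's port table."""
    opened = {}   # listed port -> set of source networks allowed to reach it
    extra = []    # ranges that also open ports the table does not list
    for r in rules:
        if r["protocol"] != "tcp":
            continue
        src = ipaddress.ip_network(r["source"])
        hits = [p for p in PAGE_PORTS if r["min"] <= p <= r["max"]]
        for p in hits:
            opened.setdefault(p, set()).add(src)
        # A range wider than the listed ports it covers exposes unlisted ports.
        if r["max"] - r["min"] + 1 > len(hits):
            extra.append((r["min"], r["max"], str(src)))
    missing = sorted(p for p, (_, req) in PAGE_PORTS.items()
                     if req and p not in opened)
    # prefixlen 0 matches 0.0.0.0/0 and ::/0, i.e. any source address.
    world_admin = sorted(p for p in ADMIN_PORTS & set(opened)
                         if any(n.prefixlen == 0 for n in opened[p]))
    return {"missing_required": missing, "admin_open_to_any": world_admin,
            "unlisted_ranges": extra}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_RULES), indent=2))
```
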
