Fortinet FortiGate 4000 User Manual

206

Fortinet Inc.

Services

Firewall configuration

GRE

Generic Routing Encapsulation. A protocol

that allows an arbitrary network protocol to be

transmitted over any other arbitrary network

protocol, by encapsulating the packets of the

protocol within GRE packets.

47

AH

Authentication Header. AH provides source

host authentication and data integrity, but not

secrecy. This protocol is used for

authentication by IPSec remote gateways set

to aggressive mode.

51

ESP

Encapsulating Security Payload. This service

is used by manual key and AutoIKE VPN

tunnels for communicating encrypted data.

AutoIKE key VPN tunnels use ESP after

establishing the tunnel using IKE.

50

AOL

AOL instant messenger protocol.

tcp

5190-5194

BGP

Border Gateway Protocol routing protocol.

BGP is an interior/exterior routing protocol.

tcp

179

DHCP-Relay

Dynamic Host Configuration Protocol (DHCP)

allocates network addresses and delivers

configuration parameters from DHCP servers

to hosts.

udp

67

DNS

Domain name service for translating domain

names into IP addresses.

tcp

53

udp

53

FINGER

A network service that provides information

about users.

tcp

79

FTP

FTP service for transferring files.

tcp

21

GOPHER

Gopher communication service. Gopher

organizes and displays Internet server

contents as a hierarchically structured list of

files.

tcp

70

H323

H.323 multimedia protocol. H.323 is a

standard approved by the International

Telecommunication Union (ITU) that defines

how audiovisual conferencing data is

transmitted across networks.

tcp

1720, 1503

HTTP

HTTP is the protocol used by the word wide

web for transferring data for web pages.

tcp

80

HTTPS

HTTP with secure socket layer (SSL) service

for secure communication with web servers.

tcp

443

IKE

IKE is the protocol to obtain authenticated

keying material for use with ISAKMP for

IPSEC.

udp

500

IMAP

Internet Message Access Protocol is a

protocol used for retrieving email messages.

tcp

143

Internet-Locator-

Service

Internet Locator Service includes LDAP, User

Locator Service, and LDAP over TLS/SSL.

tcp

389

IRC

Internet Relay Chat allows people connected

to the Internet to join live discussions.

tcp

6660-6669

L2TP

L2TP is a PPP-based tunnel protocol for

remote access.

tcp

1701

Table 46: FortiGate predefined services (Continued)

Service name

Description

Protocol

Port