Report Fortigate Firewall
Client: SECP

Network Interfaces

Physical Interfaces

Used Interface | Status | Services | Subnet
Port1 | UP | ping/https/http | 202.63.201.33/255.255.255.224
Port3 | Down | - | -
Port5 | Down | - | -
WAN1 | UP | ping/https/http/FMG-Access | 61.28.100.94/255.255.255.252

Static Route

Destination: (default) 0.0.0.0/0
Gateway: 61.28.100.93
Interface: WAN1

Policy & Objects

IPv4 Policy

Incoming Interface as Source: WAN1
Outgoing Interface as Destination: Port1

Policy Name | Source IP | Destination IP | Desired Services | Accept / Deny | Schedule of application
PING | 58.27.230.115, 58.27.230.123 | 202.63.201.46, 202.63.201.49, 202.63.201.39 MX3.secp.gov.pk, 202.63.201.47, 202.63.201.53, 202.63.201.34, 202.63.201.35, 202.63.201.37, 202.63.201.38, 202.63.201.40, 202.63.201.41 es-node01.secp.gov.pk, 202.63.201.42 es-node02.secp.gov.pk, 202.63.215.74 | PING | Allowed | Always
Allowed | Always
Http | Allowed | Always
202.63.201.55 | 161 | Allowed | Always
Firewall
Simple network management protocol (SNMP). Used for various devices (including firewalls and routers) to communicate logging and management information with remote monitoring applications. Typically, SNMP agents listen on UDP port 161.
Allowed Cubexs Users
SECP RDP to WAN | 58.27.230.115, 58.27.230.123
Allowed Cubexs Users
SECP RDP to PfSense | 58.27.230.115, 58.27.230.123 | 202.63.201.54 DESKTOP SECP VDC 202.63.201.55
i.e. Only allowed IPs can check the ping status of Source IPs
9095 47907 Customized RDP ports
Http & Https ports for web access
Firewall
Allowed Cubexs Users
Cacti to PfSense | 202.63.215.58
Advance Search | 58.27.230.115, 58.27.230.123 | 202.63.201.37, 202.63.201.40 | 8443 | Allowed | Always
An alternative port for https, i.e. 443; can be used as a port for httpsCA (https with Client Authentication)
Allowed Cubexs Users
Http / Https | Any / all | 202.63.201.34 SECP TMG machine, 202.63.201.35 SECP TMG machine, 202.63.201.36 Srstgweb machine, 202.63.201.37 Srstgweb (staging) machine, 202.63.201.38 Srstgweb machine, 202.63.201.40 Srstgweb machine, 202.63.201.46, 202.63.201.47, 202.63.201.48, 202.63.201.49, 202.63.201.50, 202.63.201.53, 202.63.215.74 | Http & Https | Allowed | Always
SMTP | Any / all | 202.63.201.39 | SMTP | Allowed | Always
WEB | 58.27.230.115, 58.27.230.123 | 202.63.201.40, 202.63.201.37 | 10022 | Allowed | Always
202.63.201.34, 202.63.201.35, 202.63.201.36, 202.63.201.38, 202.63.201.40, 202.63.201.49 (Windows Server 2012 machine), 202.63.201.53 (Windows Server 2012 machine) | 12022 | Allowed | Always
Allowed Cubexs Users
SSH / RDP | 58.27.230.115, 58.27.230.123
Allowed Cubexs Users
202.63.201.39, 202.63.215.74, 202.63.201.37
FTP | 58.27.230.115, 58.27.230.123
Allowed Cubexs Users
202.63.201.48, 202.63.201.50 | FTP PING | Allowed | Always
SECP RDP to SSH | 58.27.230.115, 58.27.230.123 | 202.63.201.46, 202.63.201.47 (Jamapunji Webinar), 202.63.201.48 (Jamapunji Web machine), 202.63.201.50 (Jamapunji Web machine), 202.63.201.51 (Oracle BD Machine), 202.63.201.52 (Oracle BD Machine) | SSH | Allowed | Always
Any / all | 202.63.201.39 | 587 | Allowed | Always
Blocked IPs | 103.91.80.2, 118.25.21.45, 123.249.0.126, 126.249.35.46, 202.141.255.98, 208.91.115.11, 221.229.204.120, 58.218.200.14 | Any / all | IP | Deny | Always
DDOS Protection | Any / all | Any / all | 11211, 135-139, 1433-1434, 1900, 445 | Deny | Always
Allowed Cubexs Users WAN
Above blocked ports are vulnerable to DDOS attacks.

Policy & Objects: Have been defined in the above table.
Services: Have been defined in the above table.