Template Fortigate by HTTP : Stop working with a port different from 443

  • Funkokedama
    Junior Member
    • Mar 2024
    • 1

    #1

    Template Fortigate by HTTP : Stop working with a port different from 443

    Hi, I'm using the template Fortigate by HTTP to monitor a Fortigate600E.
    Everything works fine with the default port 443.

    I'd like to change the default port from 443 to 9443.
    FortiGate side: System -> Settings -> HTTPS port -> 9443
    Zabbix side: {$FGATE.API.PORT} macro defined at host level in Zabbix -> 9443

    This didn't work.
    From CentOS (Zabbix server) I can reach the port -> nc -z -v x.x.x.x 9443

    Additionally:

    I can't sniff any packet produced by Zabbix server with port 9443
    I can sniff the packet produced by CentOS (Zabbix's server) with this command -> nc -z -v x.x.x.x 9443
  • Answer selected by Funkokedama at 07-03-2024, 12:37.
    cyber
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Dec 2006
    • 4807

    SELinux enabled? By default Zabbix server/proxy can connect only to "known ports" like 22 or 443... If you want to enable connecting to any port, you may need to set the following:
    setsebool -P zabbix_can_network 1

    • Funkokedama
      Funkokedama commented
      You are a genius!
      It worked!

      Thank you so much!
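
Added example, not part of the original thread or of Zabbix: a shell function that picks out enforced SELinux name_connect denials for the zabbix_t domain from audit records, which is where the blocked connection described above is recorded on the Zabbix server (the denial happens at connect(), so no packet is ever sent). The audit lines are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# CONSTRUCTED sample audit records in the usual AVC format (not from the thread).
# On a real host, feed /var/log/audit/audit.log or `ausearch -m AVC` output instead.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1709811301.100:901): avc:  denied  { name_connect } for  pid=2101 comm="zabbix_server" dest=9443 scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1709811361.104:907): avc:  denied  { name_connect } for  pid=2101 comm="zabbix_server" dest=9443 scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1709811370.220:909): avc:  denied  { name_connect } for  pid=2101 comm="zabbix_server" dest=10443 scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1709811375.010:910): avc:  denied  { name_connect } for  pid=2101 comm="zabbix_server" dest=8081 scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1709811380.300:911): avc:  denied  { name_connect } for  pid=3310 comm="httpd" dest=9443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1709811390.412:915): avc:  denied  { read } for  pid=2101 comm="zabbix_server" name="secrets" dev="dm-0" ino=1234 scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
EOF
}

# Reads audit records on stdin and prints one line per blocked destination port:
#   <dest port> <number of denials> <SELinux type of the port>
# Only enforced (permissive=0) outbound TCP connect denials from zabbix_t count;
# other domains, other permissions and permissive-mode records are skipped.
zabbix_denied_ports() {
  awk '
    /avc: +denied/ && /name_connect/ && /scontext=[^ ]*:zabbix_t:/ && /permissive=0/ {
      port = ""; type = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dest=/) port = substr($i, 6)
        if ($i ~ /^tcontext=/) { split($i, ctx, ":"); type = ctx[3] }
      }
      if (port != "") { hits[port]++; ptype[port] = type }
    }
    END { for (p in hits) print p, hits[p], ptype[p] }
  ' | sort -n
}

# Stand-alone run over the constructed sample.
sample_audit_log | zabbix_denied_ports
```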
  • markfree
    Senior Member
    • Apr 2019
    • 868

    #2
    Are you using an HTTP proxy for your Forti ( {$FGATE.HTTP.PROXY} macro )?

    Is your Forti monitored by the Zabbix Server itself or by a Zabbix Proxy?

    Have you configured a trusted host on the FortiGate side?
    Is there a drop rule for port 9443 in your Forti?

    • Funkokedama
      Funkokedama commented
      No HTTP proxy; Forti is monitored by Zabbix server.
      Yes, trusted host is configured.
      No drop rule configured; also checked local-in policy and how they change when moving HTTPS port from 443 to 9443. -> Everything seems OK

      I think that the key point is why I can't sniff any packet when changing port from 443 to 9443
  • cyber
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Dec 2006
    • 4807

    #4
    No geniuses here... This question has been asked many times already... And I have answered it many times... Someone should take up constructing a FAQ page here... it would certainly be there... along with "how to exclude Windows services from discovery" or why my "last(/host/item, #5)" trigger expression does not work, etc. :P
