It does seem you work roughly the opposite hours of myself (or just post late?), but I can try to be available to provide further help via Zoom or TeamViewer or something for a reasonable fee. However, you might want to look at any Web Filter profiles in use and make sure they aren't blocking this, or consider whitelisting the domains(endpoints) listed. Unfortunately there is no way to do a reverse lookup on a wildcard FQDN, so without an actual list of servers you may not be able to craft a policy specific to Carbonite. However, the on-board logging capabilities of the FortiGate may be sufficient if you don't have too much traffic or can investigate when there's not much going on. I'm sure in your small environment you don't have a FortiAnalyzer, right? The logging and search capabilities of it are amazing in my day-to-day work I spend almost as much time in the FortiAnalyzer as I do in the FortiGate because it can give me the answer to the problem so quickly. If I had $1 for every time I've seen that, even with Microsoft. Port 53 they probably just want to make sure your PCs can do DNS lookups, but if you have them pointed to internal or specific external DNS servers, that part can be locked down as well (which is a valid security concern).Ĩ0 and 443 are probably already going to be open unless you really lock down the web traffic that users can go to.so I'm actually wondering if there is more traffic needed that's not documented. That would be the biggest security concern as far as having it open to all would mean your computers could spam the world basically if they got infected. Reading the article, I'm not sure why port 25 would be needed, and I don't see it mentioned in the linked article.
0 Comments
Leave a Reply. |