Changing the protocol or port that a session helper listens on

6.0.0

Most session helpers are configured to listen for their sessions on the port and protocol that they typically use. If your FortiGate unit receives sessions that should be handled by a session helper on a non-standard port or protocol, you can use the following procedure to change the port and protocol used by that session helper. The following example shows how to change the port that the pmap session helper listens on for Sun RPC portmapper TCP sessions. By default, pmap listens on TCP port 111.

To change the port that the pmap session helper listens on to TCP port 112
  1. Confirm that the TCP pmap session helper entry is 11 in the session-helper list:

    show system session-helper 11

    config system session-helper
        edit 11
            set name pmap
            set port 111
            set protocol 6
        next
    end

  2. Enter the following command to change the TCP port to 112.

    config system session-helper
        edit 11
            set port 112
    end

  3. The pmap session helper also listens on UDP port 111. Confirm that the UDP pmap session helper entry is 12 in the session-helper list:

    show system session-helper 12

    config system session-helper
        edit 12
            set name pmap
            set port 111
            set protocol 17
        next
    end

  4. Enter the following command to change the UDP port to 112.

    config system session-helper
        edit 12
            set port 112
    end

Use the following procedure to set the h323 session helper to listen on the UDP protocol.

To change the protocol that the h323 session helper listens on
  1. Confirm that the h323 session helper entry is 2 in the session-helper list:

    show system session-helper 2

    config system session-helper
        edit 2
            set name h323
            set port 1720
            set protocol 6
        next
    end

  2. Enter the following command to change the protocol to UDP.

    config system session-helper
        edit 2
            set protocol 17
    end

If a session helper listens on more than one port or protocol, then multiple entries for the session helper must be added to the session-helper list, one for each port and protocol combination. For example, the rtsp session helper listens on TCP ports 554, 7070, and 8554, so there are three rtsp entries in the session-helper list. If your FortiGate unit receives rtsp packets on a different TCP port (for example, 6677), you can use the following command to configure the rtsp session helper to listen on TCP port 6677.

To configure a session helper to listen on a new port and protocol

    config system session-helper
        edit 0
            set name rtsp
            set port 6677
            set protocol 6
    end
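
Because each port and protocol combination is its own entry, a change such as the pmap one above can be left half-applied (TCP moved, UDP not). The following Python script is an added example, not Fortinet code: it parses saved "show system session-helper" output and reports which combinations a helper is missing and which entries still listen elsewhere. The function names and the sample capture are constructed for illustration.

```python
import re

# Constructed sample in "show system session-helper" form: the page's entries
# 2, 11 and 12, captured after only the TCP pmap entry was moved to port 112.
SAMPLE = """\
config system session-helper
    edit 2
        set name h323
        set port 1720
        set protocol 6
    next
    edit 11
        set name pmap
        set port 112
        set protocol 6
    next
    edit 12
        set name pmap
        set port 111
        set protocol 17
    next
end
"""

def parse_session_helpers(text):
    """Return {entry_id: {"name": str, "port": int, "protocol": int}}."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"edit (\d+)", line):
            current = entries.setdefault(int(m.group(1)), {})
        elif line in ("next", "end"):
            current = None
        elif current is not None and (m := re.fullmatch(r"set (name|port|protocol) (\S+)", line)):
            key, value = m.groups()
            current[key] = value if key == "name" else int(value)
    return entries

def audit_helper(entries, name, wanted):
    """Return (missing, unexpected) for one helper against wanted {(port, protocol)}."""
    # Protocol 6 is TCP and 17 is UDP, as in the page's "set protocol" lines.
    mine = {i: (e.get("port"), e.get("protocol"))
            for i, e in entries.items() if e.get("name") == name}
    missing = sorted(set(wanted) - set(mine.values()))
    # Entries of this helper that listen on a combination not in the wanted set.
    unexpected = sorted((i, *pp) for i, pp in mine.items() if pp not in wanted)
    return missing, unexpected
```

For the sample, audit_helper(parse_session_helpers(SAMPLE), "pmap", {(112, 6), (112, 17)}) reports UDP 112 as missing and entry 12 as still on UDP 111, which is the entry the pmap procedure edits in its last step.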
