Web Application Firewall (WAF) protects websites by filtering and forwarding requests to the websites. However, it forwards requests over only the HTTP and HTTPS ports that you configure when you add your website to WAF.
If your website receives requests over an unconfigured port, WAF does not forward the requests to the origin server regardless of whether the port is enabled. This does not pose any security risks or threats to the origin server.