We don't use SSO (port 2158) or DNS (port 53). The web GUI does not have a checkbox to Enable/Disable the service.
Another example, we don't use FTP (port 21). The web GUI has a checkbox to Enable/Disable FTP, but it does not turn off port 21.
How to deactivate these ports / services?
If you worry about the unused port to be attacked or listened, clients can create the rule to block the service on firewall. (If you want to use service, just disable the rule). Also, enable the ADP feature to prevent the Port to be listened.
For example, avoid the FTP service to be attacked.
Group the services which you want to manage:
Block the Service: