Scribd
Upload
448 views6 pages

FortiOS 7.0 Port Configuration Guide

This document summarizes the incoming and outgoing ports used by Fortinet products. For incoming ports, common uses include syslog, registration, quarantine, IPsec and SSL VPNs, management, and HA heartbeat. Outgoing ports are often used for functions like HA synchronization, FortiGuard queries, LDAP authentication, RADIUS, and OFTP logging. Ports vary by product but many can be configured, with common ports including TCP/22, TCP/80, TCP/443, UDP/500, UDP/53, and ICMP.

Uploaded by

Ayan Nas
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
448 views6 pages

FortiOS 7.0 Port Configuration Guide

This document summarizes the incoming and outgoing ports used by Fortinet products. For incoming ports, common uses include syslog, registration, quarantine, IPsec and SSL VPNs, management, and HA heartbeat. Outgoing ports are often used for functions like HA synchronization, FortiGuard queries, LDAP authentication, RADIUS, and OFTP logging. Ports vary by product but many can be configured, with common ports including TCP/22, TCP/80, TCP/443, UDP/500, UDP/53, and ICMP.

Uploaded by

Ayan Nas
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Incoming ports

Product Purpose Ports Configurable

Syslog, Registration, Quarantine, Log & Report TCP/443


FortiAP-S
CAPWAP* UDP/5246-5247

Policy Authentication through Captive Portal TCP/1000


FortiAuthenticator
RADIUS Disconnect TCP/1700

UDP/500, UDP/4500 Yes


Remote IPsec VPN
ESP (IP 50)

FortiClient Remote SSL VPN TCP/443 Yes

SSO Mobility Agent, FSSO TCP/8001

Compliance and Security Fabric TCP/8013 Yes

ETH Layer 0x8890,


HA Heartbeat
0x8891, 0x8893

TCP/703
HA Synchronization
UDP/703

TCP/22, TCP/80,
Management TCP/443
FortiGate ICMP

UDP/500, UDP/4500 Yes


IPsec VPN
ESP (IP 50)

IPsec VPN Forward Error Correction UDP/50000

Unicast Heartbeat for Azure UDP/730

DNS for Azure UDP/53

AV and IPS push updates

FortiGuard IPv4 FGFM tunnel TCP/541

IPv6 FGFM tunnel TCP/542

FortiPortal API for communication (FortiOS REST API) TCP/443

Approve/deny response from FortiToken


FortiToken Mobile TCP/4433 Yes
Mobile

FortiOS 7.0 Ports 01-700-723840-20210607


Fortinet Technologies Inc. 1
Incoming ports

Product Purpose Ports Configurable

FSSO server FSSO TCP/8001 Yes

Web Administration TCP/80, TCP/443

TCP/443, TCP/8008,
Policy Override Authentication
TCP/8010
Others
Policy Override Keepalive TCP/1000, TCP/1003

SSL VPN TCP/443 Yes

ACME service TCP/80, TCP/443

FortiOS 7.0 Ports 2


Fortinet Technologies Inc.
Outgoing Ports

Product Purpose Ports Configurable

Syslog, OFTP, Registration, Quarantine, Log


FortiAnalyzer TCP/514
& Report

FortiAP CAPWAP UDP/5246-5247

TCP/389
LDAP, PKI Authentication
UDP/389

RADIUS UDP/1812

FSSO TCP/8000
FortiAuthenticator
RADIUS Accounting UDP/1813

SCEP TCP/80, TCP/443

CRL Download TCP/80

External Captive Portal TCP/443

UDP/5246,
FortiExtender Data port Yes
UDP/25246

ETH Layer 0x8890,


HA Heartbeat
0x8891, 0x8893

TCP/703
FortiGate HA Synchronization
UDP/703

Unicast Heartbeat for Azure UDP/730

DNS for Azure UDP/53

Registration, Quarantine, Log & Report,


TCP/443
Syslog, Contract Validation
FortiGate Cloud
OFTP TCP/514

Management TCP/541

FortiOS 7.0 Ports 3


Fortinet Technologies Inc.
Outgoing Ports

Product Purpose Ports Configurable

AV/IPS update TCP/443, TCP/8890

Cloud Application Database TCP/9582

UDP/53, UDP/8888
FortiGuard Queries TCP/53, TCP/443,
TCP/8888

DNS UDP/53, UDP/8888

Registration TCP/80

FortiGuard Alert Email, Virus sample TCP/25

Management, Firmware, SMS, Licensing,


TCP/443
Policy Override

Central Management, Analysis TCP/541

Secure DNS filter TCP/53, TCP/853

IPAM Service TCP/443

IoT Service TCP/443

FortiDDNS TCP/443 Yes

IPv4 FGFM management TCP/541

IPv6 FGFM management TCP/542

Log & Report TCP/514


FortiManager UDP/53, UDP/8888
AntiSpam, WebFilter queries
TCP/8888

Registration for license validation and UTM


TCP/443, TCP/8890
updates (AV, IPS)

FortiSandbox OFTP TCP/514

FortiSwitch FortiLink UDP/5246-5247 Yes

Two factor authentication request to


FortiToken Cloud TCP/8686
FortiToken Cloud (ftc.fortinet.com)

Two factor request to push proxy


TCP/443
FortiToken Mobile (push.fortinet.com)

Using FAC, the request is sent to FAC UDP/1812

FSSO FSSO TCP/8001 Yes

FortiOS 7.0 Ports 4


Fortinet Technologies Inc.
Outgoing Ports

Product Purpose Ports Configurable

email notification TCP/465 Yes

Others netflow collector UDP/2055 Yes

sflow collector UDP/6343 Yes

FortiOS 7.0 Ports 5


Fortinet Technologies Inc.
Change Log

Date Change Description

2021-06-07 Initial release.

FortiOS 7.0 Ports 6


Fortinet Technologies Inc.

You might also like