Required services and ports
You must ensure required port and services are enabled for use by FortiClient and its associated applications on your server. The required ports and services enable FortiClient to communicate with servers running associated applications.
|
Communication |
Usage |
Protocol |
Port |
Incoming/Outgoing |
How to customize |
|---|---|---|---|---|---|
|
FortiClient Telemetry |
Endpoint management (EMS) and/or compliance enforcement (FortiGate) |
TCP |
8013 |
Outgoing |
GUI |
|
SYSLOG |
Upload logs to syslog server |
UDP |
514 |
Outgoing |
N/A |
|
FortiSandbox |
Send files to FortiSandbox for analysis |
TCP |
514 |
Outgoing |
N/A |
|
Remote access - SSL VPN |
Establish VPN connection to FortiGate |
TCP |
443 (default) |
Outgoing |
GUI |
|
FortiAnalyzer/FortiManager |
Upload logs to FortiAnalyzer or FortiManager. FortiClient must connect to FortiGate or EMS to send logs to FortiAnalyzer or FortiManager. |
TCP |
514 |
Outgoing |
N/A |
|
Remote access - IPsec VPN |
Establish VPN connection to FortiGate |
UDP |
IKE 500 ESP (IP 50) NAT-T 4500 |
Outgoing |
N/A |
|
FortiAuthenticator/FortiGate |
Single Sign On mobility agent, FSSO |
TCP |
8001 (default) |
Outgoing |
GUI |
|
FortiGuard |
URL rating |
UDP |
8888 (default) |
Outgoing |
Change to port 53 via XML config file |
|
AV/vulnerability signatures update |
TCP |
80 |
Outgoing |
N/A |
|
|
Cloud-based behavior scan (CBBS)/applications that use cloud services |
TCP |
80 |
Outgoing |
N/A |
|
|
FortiManager |
Use a FortiManager device for FortiClient software and signature updates |
TCP |
80 (default) |
Outgoing |
GUI |
|
SMTP/FortiGuard |
Virus submission |
TCP |
25 |
Outgoing |
N/A |
|
For the list of required services and ports for EMS, see the FortiClient EMS Administration Guide. |