Administration Guide

Introduction
- FortiClient, FortiClient EMS, and FortiGate
- Fortinet product support for FortiClient
- Feature comparison of FortiClient free and paid versions
Getting started
- Getting started with FortiClient
- EMS and endpoint profiles
- Telemetry connection options
- Telemetry gateway IP lists
- EMS and automatic upgrade of FortiClient
Provisioning preparation
- Installation requirements
- Licensing
- Required services and ports
- FortiClient setup types and modules
- Firmware images and tools
- Obtaining FortiClient installation files
Provisioning
- Installing FortiClient on computers
- Installing FortiClient on infected systems
- Installing FortiClient as part of cloned disk images
- Installing FortiClient using the CLI
- Deploying FortiClient using Microsoft AD servers
  - Using Microsoft AD to deploy FortiClient
  - Using Microsoft AD to uninstall FortiClient
- Uninstalling FortiClient
- Upgrading FortiClient
User details
- Viewing user details
- Retrieving user details from cloud applications
- Adding your phone number and email address manually
- Specifying the user avatar manually
Fabric Telemetry
- FortiClient Telemetry
- Compliance with EMS and FortiOS
- On-net/off-net status with EMS
  - EMS only
  - Logging to FortiAnalyzer
- Quarantined endpoints
Malware Protection
- Antivirus
- Cloud Based Malware Protection
- AntiExploit
- Removable media access
- Quarantined files
  - Viewing quarantined files
  - Submitting quarantined files for scanning
Sandbox Detection
- Scanning with FortiSandbox on-demand
- Viewing FortiSandbox scan results
- Using the popup window
Web Filter
- Web browser plugin for HTTPS web filtering
- Viewing violations
- Troubleshooting Web Filter
Application Firewall
Vulnerability Scan
- Scanning on-demand
- Automatically fixing detected vulnerabilities
- Reviewing detected vulnerabilities before fixing
- Manually fixing detected vulnerabilities
- Viewing details about vulnerabilities
- Viewing vulnerability scan history
Remote Access
- Configuring VPN connections
  - Configuring an SSL VPN connection
  - Configuring an IPsec VPN connection
- Connecting VPNs
- Advanced features (Windows)
- Advanced features (macOS)
  - Creating redundant IPsec VPNs
  - Creating priority-based SSL VPN connections
- VPN tunnel and script
  - Windows
  - macOS
- Standalone VPN client
Notifications
Settings
- System
- Logging
  - Sending logs and software inventory reports to FortiAnalyzer or FortiManager
  - Exporting the log file
- VPN options
- Advanced options
- FortiTray
Diagnostic Tool
Appendix A - FortiClient API
- Overview
- API reference
Appendix B - FortiClient log messages
Appendix C - Vulnerability patches
Appendix D - FortiClient processes
- FortiClient (Windows) processes
- FortiClient (macOS) processes
Appendix E - FortiClient (Linux) CLI commands

Home FortiClient 6.2.4 Administration Guide

6.2.4

Required services and ports

You must ensure required port and services are enabled for use by FortiClient and its associated applications on your server. The required ports and services enable FortiClient to communicate with servers running associated applications.

Communication	Usage	Protocol	Port	Incoming/Outgoing	How to customize
FortiClient Telemetry	Endpoint management (EMS), participation in the Security Fabric (FortiGate)	TCP	8013	Outgoing	GUI
SYSLOG	Upload logs to syslog server	UDP	514	Outgoing	N/A
FortiSandbox	Send files to FortiSandbox for analysis	TCP	514	Outgoing	N/A
Remote access - SSL VPN	Establish VPN connection to the FortiGate	TCP	443 (default)	Outgoing	GUI
FortiAnalyzer/FortiManager	Upload logs to FortiAnalyzer or FortiManager	TCP	514	Outgoing	N/A
Remote access - IPsec VPN	Establish VPN connection to the FortiGate	UDP	IKE 500 ESP (IP 50) NAT-T 4500	Outgoing	N/A
FortiAuthenticator/FortiGate	SSO mobility agent, FortiClient SSO (FSSO)	TCP	8001 (default)	Outgoing	GUI
FortiGuard	URL rating	TCP	8888 (default)	Outgoing	Change to UDP via XML. See the FortiClient XML Reference Guide.
	AV/vulnerability signatures update	TCP	80	Outgoing	N/A
	Cloud-based behavior scan (CBBS)/applications that use cloud services	TCP	80	Outgoing	N/A
FortiManager	Use a FortiManager for FortiClient software and signature updates	TCP	80 (default)	Outgoing	GUI
SMTP/FortiGuard	Virus submission	TCP	25	Outgoing	N/A

For the list of required services and ports for EMS, see the FortiClient EMS Administration Guide.

Required services and ports

Communication	Usage	Protocol	Port	Incoming/Outgoing	How to customize
FortiClient Telemetry	Endpoint management (EMS), participation in the Security Fabric (FortiGate)	TCP	8013	Outgoing	GUI
SYSLOG	Upload logs to syslog server	UDP	514	Outgoing	N/A
FortiSandbox	Send files to FortiSandbox for analysis	TCP	514	Outgoing	N/A
Remote access - SSL VPN	Establish VPN connection to the FortiGate	TCP	443 (default)	Outgoing	GUI
FortiAnalyzer/FortiManager	Upload logs to FortiAnalyzer or FortiManager	TCP	514	Outgoing	N/A
Remote access - IPsec VPN	Establish VPN connection to the FortiGate	UDP	IKE 500 ESP (IP 50) NAT-T 4500	Outgoing	N/A
FortiAuthenticator/FortiGate	SSO mobility agent, FortiClient SSO (FSSO)	TCP	8001 (default)	Outgoing	GUI
FortiGuard	URL rating	TCP	8888 (default)	Outgoing	Change to UDP via XML. See the FortiClient XML Reference Guide.
	AV/vulnerability signatures update	TCP	80	Outgoing	N/A
	Cloud-based behavior scan (CBBS)/applications that use cloud services	TCP	80	Outgoing	N/A
FortiManager	Use a FortiManager for FortiClient software and signature updates	TCP	80 (default)	Outgoing	GUI
SMTP/FortiGuard	Virus submission	TCP	25	Outgoing	N/A

For the list of required services and ports for EMS, see the FortiClient EMS Administration Guide.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Administration Guide

Required services and ports

Required services and ports

Required services and ports

Required services and ports