Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Default port information

FortiDeceptor treats Port1 as reserved for device management. The other ports are used to deploy deception decoys.

The following table list the default open ports for each FortiDeceptor interface.

FortiDeceptor 1000F and VM default ports:

Port (Interface)

Default Open Ports

Port1

TCP ports 22 (SSH), 23 (Telnet), 80 and 443 (GUI).

FortiGuard Distribution Servers (FDS) use TCP port 443 or 8890 for download. FortiDeceptor uses a random port picked by the kernel.

FortiGuard Web Filtering servers use TCP port 443 or UDP port 53 or 8888. FortiDeceptor uses a random port picked up by the kernel.

FortiDeceptor deception VM download uses TCP port 443 for download. FortiDeceptor uses a random port picked by the kernel.

FortiDeceptor Manager is required to open port 8443 from the client (remote appliance) to the FortiDeceptor Manager.

FortiDeceptor Manager is required to have access to virustotal.com over port 443 for malware analysis based on MD5 request.

Port2 to port8

Each FortiDeceptor port can be directly connected to a specific VLAN or use the network trunk to communicate with multiply VLANs from a single interface.

In DMZ mode, no service listens. In regular mode, token communication service listens on deployment interface monitor IP with port 1443. The token communication uses HTTPS protocol.

Default port information

FortiDeceptor treats Port1 as reserved for device management. The other ports are used to deploy deception decoys.

The following table list the default open ports for each FortiDeceptor interface.

FortiDeceptor 1000F and VM default ports:

Port (Interface)

Default Open Ports

Port1

TCP ports 22 (SSH), 23 (Telnet), 80 and 443 (GUI).

FortiGuard Distribution Servers (FDS) use TCP port 443 or 8890 for download. FortiDeceptor uses a random port picked by the kernel.

FortiGuard Web Filtering servers use TCP port 443 or UDP port 53 or 8888. FortiDeceptor uses a random port picked up by the kernel.

FortiDeceptor deception VM download uses TCP port 443 for download. FortiDeceptor uses a random port picked by the kernel.

FortiDeceptor Manager is required to open port 8443 from the client (remote appliance) to the FortiDeceptor Manager.

FortiDeceptor Manager is required to have access to virustotal.com over port 443 for malware analysis based on MD5 request.

Port2 to port8

Each FortiDeceptor port can be directly connected to a specific VLAN or use the network trunk to communicate with multiply VLANs from a single interface.

In DMZ mode, no service listens. In regular mode, token communication service listens on deployment interface monitor IP with port 1443. The token communication uses HTTPS protocol.