Fortinet Document Library

Version: 6.0.0

FortiClient open ports

The following diagrams and tables show the distinct communications for each FortiClient product.

FortiClient

 

Outgoing ports

|  | Purpose | Protocol/Port |
|---|---|---|
| FortiAnalyzer | Send logs to FortiAnalyzer (FortiClient must connect to FortiGate or EMS to send logs to FortiAnalyzer) | TCP/514 |
| FortiAuthenticator | SSO Mobility Agent, FSSO | TCP/8001 |
| FortiClient EMS | Endpoint management | TCP/8013 |
| FortiClient EMS | Upload logs and diagnostics to EMS server | TCP/8014 |
| FortiGate | Remote IPsec VPN access | UDP/IKE 500, ESP (IP 50), NAT-T 4500 |
| FortiGate | Remote SSL VPN access | TCP/443 (by default; this port can be customized) |
| FortiGate | SSO Mobility Agent, FSSO | TCP/8001 |
| FortiGate | Compliance and Security Fabric | TCP/8013 (by default; this port can be customized) |
| FortiGuard | AV/VUL signatures update, Cloud-based behavior scan (CBBS)/applications that use cloud services | TCP/80 |
| FortiGuard | Virus submission (SMTP/FortiGuard) | TCP/25 |
| FortiGuard | URL rating | UDP/8888 (by default; this port can be changed to port 53 by entering fgd1.fortigate.com:53 via the XML config file) |
| FortiManager | Select a FortiManager to be used for FortiClient signature updates | TCP/80 (by default; this port can be customized) |
| FortiManager | Send logs to FortiManager (FortiClient must connect to FortiGate or EMS to send logs to FortiManager) | TCP/514 |
| FortiSandbox | File analysis | TCP/514 |
| Syslog server | Send logs to syslog server | UDP/514 |

FortiClient EMS

Incoming ports

|  | Purpose | Protocol/Port |
|---|---|---|
| FortiClient | Endpoint management | TCP/8013 (by default; this port can be customized) |
| FortiClient | Upload logs and diagnostics to EMS server | TCP/8014 |
| FortiClient | Download FortiClient installer created by EMS server | TCP/10443 |
| Apache server/HTTPS | Web access to EMS | TCP/443 |

Outgoing ports

|  | Purpose | Protocol/Port |
|---|---|---|
| FortiGuard | FortiClient EMS AV/VUL/APP version updates | TCP/80 |
| Samba (SMB) service | EMS uses SMB during FortiClient deployment | TCP/445 |
| SMTP server/email | EMS and endpoint alerts | TCP/25 |
| AD server | Retrieving workstation and user information | TCP/389 or TCP/636 (for LDAP or LDAPS respectively) |
| Others | EMS server uses Distributed Computing Environment/Remote Procedure Calls (DCE/RPC) for FortiClient deployment | TCP/135 |

FortiClient for Chromebook

Outgoing ports

|  | Purpose | Protocol/Port |
|---|---|---|
| FortiAnalyzer | Send logs to FortiAnalyzer | TCP/8443 |
| FortiClient EMS | Connect to EMS Chromebook profile server | TCP/8443 |
| FortiGuard | URL rating | TCP/443, TCP/3400 |

FortiClient EMS for Chromebook

Incoming ports

|  | Purpose | Protocol/Port |
|---|---|---|
| FortiClient for Chromebook | Connection to EMS | TCP/8443 |
| Apache server/HTTPS | Web access to EMS | TCP/443 |

Outgoing ports

|  | Purpose | Protocol/Port |
|---|---|---|
| SMTP server/email | EMS and endpoint alerts | TCP/25 |
| Others | G Suite API calls for Google domain information | TCP/443 |