FortiMail open ports
![]() |
When operating in its default configuration, FortiMail does not accept TCP or UDP connections on any port except port1 and port2 network interfaces, which accept:
|
Incoming ports |
||
---|---|---|
Purpose |
Protocol/Port |
|
Admin by Console or PC |
SSH, Telnet, HTTP, SSH, Console |
TCP/443 or TCP/80 or TCP/22 or TCP/23 |
Email Client |
Quarantine View/Retrieve |
TCP/80 or TCP/443 or TCP/110 |
SMTP or SMTPS |
TCP/25 or TCP/465 |
|
POP3 or POP3S |
TCP/110 or TCP/995 (server mode only) |
|
IMAP or IMAPS |
TCP/143 or TCP/993 (server mode only) |
|
WebDAV and CalDAV |
TCP/8008 |
|
FortiMail |
Base port for HA heartbeat signal |
UDP/20000 |
Synchronization control |
UDP/20001 |
|
File synchronization |
TCP/20002 |
|
Data synchronization |
TCP/20003 |
|
Checksum synchronization |
TCP/20004 |
|
HA service monitoring (remote SMTP) |
TCP/25 |
|
HA service monitoring (remote HTTP) |
TCP/80 |
|
HA service monitoring (remote POP3) |
TCP/110 |
|
HA service monitoring (remote IMAP) |
TCP/143 |
|
Clear Text Central Quarantine |
TCP/514 |
|
SSL Central Quarantine |
TCP/6514 |
|
SNMP Poll |
TCP/161 |
|
Config/Firmware Push |
TCP/22 |
|
AV Push |
UDP/9443 |
|
External Email Server |
SMTP or SMTPS |
TCP/25 or 465 |
Storage: iSCI, NFS |
TCP/3260 (iSCI), TCP/2049 (NFS) |
|
Config Backup |
SFTP / FTP |
|
Mail Data Backup |
NFS, SMB/CIFS, SSH, external USB (direct connected), iSCSI |
|
Protected Email Server |
SMTP or SMTPS |
TCP/25 or 465 |
Outgoing ports |
||
---|---|---|
Purpose |
Protocol/Port |
|
OFTP |
UDP/514 |
|
SNMP Traps |
UDP/162 |
|
Reg, Config Backup, Config/Firmware Pull |
TCP/443 |
|
AS Rating |
UDP/53 or 8888, TCP/443 |
|
AV/AS Update |
TCP/443 |
|
FortiMail |
Base port for HA heartbeat signal |
UDP/20000 |
Synchronization control |
UDP/20001 |
|
File synchronization |
TCP/20002 |
|
Data synchronization |
TCP/20003 |
|
Checksum synchronization |
TCP/20004 |
|
HA service monitoring (remote SMTP) |
TCP/25 |
|
HA service monitoring (remote HTTP) |
TCP/80 |
|
HA service monitoring (remote POP3) |
TCP/110 |
|
HA service monitoring (remote IMAP) |
TCP/143 |
|
Clear Text Central Quarantine |
TCP/514 |
|
SSL Central Quarantine |
TCP/6514 |
|
External Email Server |
SMTP or SMTPS |
TCP/25 or TCP/465 |
Protected Email Server |
SMTP or SMTPS |
TCP/25 or TCP/465 |
POP3 Auth |
TCP/110 |
|
IMAP Auth |
TCP/143 |
|
Others |
Dyn DNS |
TCP/80 * |
DNS, RBL |
UDP/53 |
|
NTP |
UDP/123 |
|
Alert Email |
TCP/25 |
|
LDAP or LDAPS |
TCP/389 or TCP/636 |
|
RADIUS Auth |
TCP/1812 |
|
NAS |
TCP/21, TCP/22, TCP/2049 |
|
OCSP (for PKI user) |
TCP/80, or defined by certificate |
|
FortiSandbox / FortiSandbox Cloud |
Communication |
TCP/443, TCP/514 |
* FortiMail generates outbound traffic and sends an HTTP SYN request via TCP/80. The Fortinet RSS Feed widget provides a convenient display of the latest security advisories and discovered threats from Fortinet. Also, if an email message contains a shortened URI that redirects to another URI, it would cause FortiMail to send an HTTP SYN request to the shortened URI to get the redirected URI.
![]() |
FortiMail uses the following URLs to access the FortiGuard Distribution Network (FDN):
Furthermore, FortiMail performs these queries and updates listed below using the following ports and protocols:
|