Fortinet Document Library

Version:


Table of Contents

6.2.0
Download PDF
Copy Link

FortiManager open ports

Incoming ports

Purpose

Protocol/Port

FortiGate

Management

TCP/541

IPv6 FGFM connection

TCP/542

Log & Report

TCP or UDP/514

FortiGuard Queries

TCP/8890, UDP/53

FortiClient

Select a FortiManager to be used for FortiClient signature updates

TCP/80 (by default; this port can be customized)

Send logs to FortiManager (FortiClient must connect to FortiGate or EMS to send logs to FortiManager)

TCP/514

FortiGuard

AV/IPS

UDP/9443

FortiMail

Registration

UDP/9443

AV/AS Query

 

FortiManager

FortiClient Manager

TCP/6028

FortiPortal

API communications (JSON and XML APIs respectively)

TCP/443, TCP/8080

Others

SSH CLI Management

TCP/22

Telnet CLI Management

TCP/23

Web Admin

TCP/80, TCP/443

Outgoing ports

Purpose

Protocol/Port

FortiAnalyzer

Syslog & OFTP

TCP/514, UDP/514

Registration

TCP/541

FortiGate

AV/IPS Push

UDP/9443

SSH CLI Management

TCP/22

Management

TCP/541

FortiGuard

AV/IPS Updates, URL/AS Update, Firmware, SMS, FTM, Licensing, Policy Override Authentication, Registration

TCP/443

FortiClient udpates

TCP/80

FortiMail

AV Push

 

FortiManager

FortiClient Manager

TCP/6028

3rd-Party Servers

DNS

UDP/53

NTP

UDP/123

Proxied HTTPS Traffic

TCP/443

RADIUS

UDP/1812

Note

While a proxy is configured, FortiManager uses the following URLs to access the FortiGuard Distribution Network (FDN) for the following updates:

  • fds1.fortinet.com - FortiGate AV/IPS package downloads
  • guard.fortinet.net - Webfilter/Anti-Spam DB and AVfileQuery DB downloads
  • forticlient.fortinet.com - FortiClient signature package downloads
  • fgd1.fortigate.com:8888 - FortiClient Webfilter queries to FortiGuard

FortiManager open ports

Incoming ports

Purpose

Protocol/Port

FortiGate

Management

TCP/541

IPv6 FGFM connection

TCP/542

Log & Report

TCP or UDP/514

FortiGuard Queries

TCP/8890, UDP/53

FortiClient

Select a FortiManager to be used for FortiClient signature updates

TCP/80 (by default; this port can be customized)

Send logs to FortiManager (FortiClient must connect to FortiGate or EMS to send logs to FortiManager)

TCP/514

FortiGuard

AV/IPS

UDP/9443

FortiMail

Registration

UDP/9443

AV/AS Query

 

FortiManager

FortiClient Manager

TCP/6028

FortiPortal

API communications (JSON and XML APIs respectively)

TCP/443, TCP/8080

Others

SSH CLI Management

TCP/22

Telnet CLI Management

TCP/23

Web Admin

TCP/80, TCP/443

Outgoing ports

Purpose

Protocol/Port

FortiAnalyzer

Syslog & OFTP

TCP/514, UDP/514

Registration

TCP/541

FortiGate

AV/IPS Push

UDP/9443

SSH CLI Management

TCP/22

Management

TCP/541

FortiGuard

AV/IPS Updates, URL/AS Update, Firmware, SMS, FTM, Licensing, Policy Override Authentication, Registration

TCP/443

FortiClient udpates

TCP/80

FortiMail

AV Push

 

FortiManager

FortiClient Manager

TCP/6028

3rd-Party Servers

DNS

UDP/53

NTP

UDP/123

Proxied HTTPS Traffic

TCP/443

RADIUS

UDP/1812

Note

While a proxy is configured, FortiManager uses the following URLs to access the FortiGuard Distribution Network (FDN) for the following updates:

  • fds1.fortinet.com - FortiGate AV/IPS package downloads
  • guard.fortinet.net - Webfilter/Anti-Spam DB and AVfileQuery DB downloads
  • forticlient.fortinet.com - FortiClient signature package downloads
  • fgd1.fortigate.com:8888 - FortiClient Webfilter queries to FortiGuard