Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Ports and Protocols

    Home FortiGate / FortiOS 6.2.0 Ports and Protocols
    6.2.0
    6.4.0
    6.2.0

    FortiGate open ports

    FortiGate open ports

    Incoming ports

    Purpose

    Protocol/Port

    FortiAP-S

    Syslog, OFTP, Registration, Quarantine, Log & Report

    TCP/443

    CAPWAP

    UDP/5246, UDP/5247

    FortiAuthenticator

    Policy Authentication through Captive Portal

    TCP/1000

    RADIUS disconnect

    TCP/1700

    FortiClient

    Remote IPsec VPN access

    UDP/IKE 500, ESP (IP 50), NAT-T 4500

    Remote SSL VPN access

    TCP/443

    SSO Mobility Agent, FSSO

    TCP/8001

    Compliance and Security Fabric

    TCP/8013 (by default; this port can be customized)

    FortiGate

    HA Heartbeat

    ETH Layer 0x8890, 0x8891, and 0x8893

    HA Synchronization

    TCP/703, UDP/703

    Unicast Heartbeat for Azure

    UDP/730

    DNS for Azure

    UDP/53

    Security Fabric

    UDP/8014

    FortiGuard

    Management

    TCP/541

    AV/IPS

    UDP/9443

    FortiManager

    AV/IPS Push

    UDP/9443

    IPv4 FGFM management

    TCP/541

    IPv6 FGFM management

    TCP/542

    FortiPortal

    API communications (FortiOS REST API, used for Wireless Analytics)

    TCP/443

    3rd-Party Servers

    FSSO

    TCP/8001 (by default; this port can be customized)

    Others

    Web Admin

    TCP/80, TCP/443

    Policy Override Authentication

    TCP/443, TCP/8008, TCP/8010

    Policy Override Keepalive

    TCP/1000, TCP/1003

    SSL VPN

    TCP/443

    Outgoing ports

    Purpose

    Protocol/Port

    FortiAnalyzer

    Syslog, OFTP, Registration, Quarantine, Log & Report

    TCP/514

    FortiAuthenticator

    LDAP, PKI Authentication

    TCP or UDP/389

    RADIUS

    UDP/1812

    FSSO

    TCP/8000

    RADIUS Accounting

    UDP/1813

    SCEP

    TCP/80, TCP/443

    CRL Download

    TCP/80

    External Captive Portal

    TCP/443

    FortiGate

    HA Heartbeat

    ETH Layer 0x8890, 0x8891, and 0x8893

    HA Synchronization

    TCP/703, UDP/703

    Unicast Heartbeat for Azure

    UDP/730

    DNS for Azure

    UDP/53

    FortiGate Cloud

    Registration, Quarantine, Log & Report, Syslog

    TCP/443

    OFTP

    TCP/514

    Management

    TCP/541

    Contract Validation

    TCP/443

    FortiGuard

    AV/IPS Update

    TCP/443, TCP/8890

    Cloud App DB

    TCP/9582

    FortiGuard Queries

    UDP/53, UDP/8888, TCP/53, TCP/8888, TCP/443 (as part of Anycast servers)

    SDNS queries for DNS Filter

    UDP/53, TCP/853 (as part of Anycast servers)

    Registration

    TCP/80

    Alert Email, Virus Sample

    TCP/25

    Management, Firmware, SMS, FTM, Licensing, Policy Override

    TCP/443

    Central Management, Analysis

    TCP/541

    FortiManager

    IPv4 FGFM management

    TCP/541

    IPv6 FGFM management

    TCP/542

    Log & Report

    TCP or UDP/514

    FortiGuard Queries

    UDP/53, UDP/8888, TCP/80, TCP/8888

    FortiSandbox

    OFTP

    TCP/514

    Others

    FSSO

    TCP/8001 (by default; this port can be customized)
    Note

    While a proxy is configured, FortiGate uses the following URLs to access the FortiGuard Distribution Network (FDN):

    • update.fortiguard.net
    • service.fortiguard.net
    • support.fortinet.com
    Previous
    Next

    FortiGate open ports

    FortiGate open ports

    Incoming ports

    Purpose

    Protocol/Port

    FortiAP-S

    Syslog, OFTP, Registration, Quarantine, Log & Report

    TCP/443

    CAPWAP

    UDP/5246, UDP/5247

    FortiAuthenticator

    Policy Authentication through Captive Portal

    TCP/1000

    RADIUS disconnect

    TCP/1700

    FortiClient

    Remote IPsec VPN access

    UDP/IKE 500, ESP (IP 50), NAT-T 4500

    Remote SSL VPN access

    TCP/443

    SSO Mobility Agent, FSSO

    TCP/8001

    Compliance and Security Fabric

    TCP/8013 (by default; this port can be customized)

    FortiGate

    HA Heartbeat

    ETH Layer 0x8890, 0x8891, and 0x8893

    HA Synchronization

    TCP/703, UDP/703

    Unicast Heartbeat for Azure

    UDP/730

    DNS for Azure

    UDP/53

    Security Fabric

    UDP/8014

    FortiGuard

    Management

    TCP/541

    AV/IPS

    UDP/9443

    FortiManager

    AV/IPS Push

    UDP/9443

    IPv4 FGFM management

    TCP/541

    IPv6 FGFM management

    TCP/542

    FortiPortal

    API communications (FortiOS REST API, used for Wireless Analytics)

    TCP/443

    3rd-Party Servers

    FSSO

    TCP/8001 (by default; this port can be customized)

    Others

    Web Admin

    TCP/80, TCP/443

    Policy Override Authentication

    TCP/443, TCP/8008, TCP/8010

    Policy Override Keepalive

    TCP/1000, TCP/1003

    SSL VPN

    TCP/443

    Outgoing ports

    Purpose

    Protocol/Port

    FortiAnalyzer

    Syslog, OFTP, Registration, Quarantine, Log & Report

    TCP/514

    FortiAuthenticator

    LDAP, PKI Authentication

    TCP or UDP/389

    RADIUS

    UDP/1812

    FSSO

    TCP/8000

    RADIUS Accounting

    UDP/1813

    SCEP

    TCP/80, TCP/443

    CRL Download

    TCP/80

    External Captive Portal

    TCP/443

    FortiGate

    HA Heartbeat

    ETH Layer 0x8890, 0x8891, and 0x8893

    HA Synchronization

    TCP/703, UDP/703

    Unicast Heartbeat for Azure

    UDP/730

    DNS for Azure

    UDP/53

    FortiGate Cloud

    Registration, Quarantine, Log & Report, Syslog

    TCP/443

    OFTP

    TCP/514

    Management

    TCP/541

    Contract Validation

    TCP/443

    FortiGuard

    AV/IPS Update

    TCP/443, TCP/8890

    Cloud App DB

    TCP/9582

    FortiGuard Queries

    UDP/53, UDP/8888, TCP/53, TCP/8888, TCP/443 (as part of Anycast servers)

    SDNS queries for DNS Filter

    UDP/53, TCP/853 (as part of Anycast servers)

    Registration

    TCP/80

    Alert Email, Virus Sample

    TCP/25

    Management, Firmware, SMS, FTM, Licensing, Policy Override

    TCP/443

    Central Management, Analysis

    TCP/541

    FortiManager

    IPv4 FGFM management

    TCP/541

    IPv6 FGFM management

    TCP/542

    Log & Report

    TCP or UDP/514

    FortiGuard Queries

    UDP/53, UDP/8888, TCP/80, TCP/8888

    FortiSandbox

    OFTP

    TCP/514

    Others

    FSSO

    TCP/8001 (by default; this port can be customized)
    Note

    While a proxy is configured, FortiGate uses the following URLs to access the FortiGuard Distribution Network (FDN):

    • update.fortiguard.net
    • service.fortiguard.net
    • support.fortinet.com
    Previous
    Next