Fortinet Document Library

Version: 6.2.0

FortiGate open ports

Incoming ports

| | Purpose | Protocol/Port |
|---|---|---|
| FortiAP-S | Syslog, OFTP, Registration, Quarantine, Log & Report | TCP/443 |
| FortiAP-S | CAPWAP | UDP/5246, UDP/5247 |
| FortiAuthenticator | Policy Authentication through Captive Portal | TCP/1000 |
| FortiClient | Remote IPsec VPN access | UDP/IKE 500, ESP (IP 50), NAT-T 4500 |
| FortiClient | Remote SSL VPN access | TCP/443 |
| FortiClient | SSO Mobility Agent, FSSO | TCP/8001 |
| FortiClient | Compliance and Security Fabric | TCP/8013 (by default; this port can be customized) |
| FortiGate | HA Heartbeat | ETH Layer 0x8890, 0x8891, and 0x8893 |
| FortiGate | HA Synchronization | TCP/703, UDP/703 |
| FortiGate | Unicast Heartbeat for Azure | UDP/730 |
| FortiGate | DNS for Azure | UDP/53 |
| FortiGuard | Management | TCP/541 |
| FortiGuard | AV/IPS | UDP/9443 |
| FortiManager | AV/IPS Push | UDP/9443 |
| FortiManager | SSH CLI Management | TCP/22 |
| FortiManager | Management | TCP/541 |
| FortiManager | SNMP Poll | UDP/161, UDP/162 |
| FortiManager | FortiGuard Queries | TCP/443 |
| FortiPortal | API communications (FortiOS REST API, used for Wireless Analytics) | TCP/443 |
| Others | Web Admin | TCP/80, TCP/443 |
| Others | Policy Override Authentication | TCP/443, TCP/8008, TCP/8010 |
| Others | Policy Override Keepalive | TCP/1000, TCP/1003 |
| Others | SSL VPN | TCP/443 |
| 3rd-Party Servers | FSSO | TCP/8001 (by default; this port can be customized) |

Outgoing ports

| | Purpose | Protocol/Port |
|---|---|---|
| FortiAnalyzer | Syslog, OFTP, Registration, Quarantine, Log & Report | TCP/514 |
| FortiAuthenticator | LDAP, PKI Authentication | TCP or UDP/389 |
| FortiAuthenticator | RADIUS | UDP/1812 |
| FortiAuthenticator | FSSO | TCP/8000 |
| FortiAuthenticator | RADIUS Accounting | UDP/1813 |
| FortiAuthenticator | SCEP | TCP/80, TCP/443 |
| FortiCloud | Registration, Quarantine, Log & Report, Syslog | TCP/443 |
| FortiCloud | OFTP | TCP/514 |
| FortiCloud | Management | TCP/541 |
| FortiCloud | Contract Validation | TCP/443 |
| FortiGate | HA Heartbeat | ETH Layer 0x8890, 0x8891, and 0x8893 |
| FortiGate | HA Synchronization | TCP/703, UDP/703 |
| FortiGate | Unicast Heartbeat for Azure | UDP/730 |
| FortiGate | DNS for Azure | UDP/53 |
| FortiGuard | AV/IPS Update | TCP/443, TCP/8890 |
| FortiGuard | Cloud App DB | TCP/9582 |
| FortiGuard | FortiGuard Queries | UDP/53, UDP/8888 |
| FortiGuard | DNS | UDP/53, UDP/8888 |
| FortiGuard | Registration | TCP/80 |
| FortiGuard | Alert Email, Virus Sample | TCP/25 |
| FortiGuard | Management, Firmware, SMS, FTM, Licensing, Policy Override | TCP/443 |
| FortiGuard | Central Management, Analysis | TCP/541 |
| FortiManager | Management | TCP/541 |
| FortiManager | IPv6 FGFM connection | TCP/542 |
| FortiManager | Log & Report | TCP or UDP/514 |
| FortiManager | Secure SNMP | UDP/161, UDP/162 |
| FortiManager | FortiGuard Queries | TCP/8890, UDP/53 |
| FortiSandbox | OFTP | TCP/514 |
| Others | FSSO | TCP/8001 (by default; this port can be customized) |

Note

When a proxy is configured, FortiGate uses the following URLs to access the FortiGuard Distribution Network (FDN):

  • update.fortiguard.net
  • service.fortiguard.net
  • support.fortinet.com
