Fortinet black logo

Ports and Protocols

Home FortiGate / FortiOS 6.2.0 Ports and Protocols

FortiSandbox open ports

6.2.0
6.4.0
6.2.0
Copy Link
Copy Doc ID 119f8f7c-1f55-11e9-b86b-00505692583a:367832
Download PDF

FortiSandbox open ports

Incoming ports

Purpose

Protocol/Port

FortiGate

OFTP

TCP/514

FortiClient

File analysis

TCP/514

Others

SSH CLI Management

TCP/22

Telnet CLI Management

TCP/23

Web Admin

TCP/80, TCP/443

OFTP Communication with FortiGate & FortiMail

TCP/514

Third-party proxy server for ICAP servers

ICAP: TCP/1344

ICAPS: TCP/11344

Outgoing ports

Purpose

Protocol/Port

FortiGuard

(FortiSandbox will use a random port picked by the kernel)

FortiGuard Distribution Servers

TCP/8890

FortiGuard Web Filtering Servers

UDP/53, UDP/8888

FortiSandbox Community Cloud

(FortiSandbox will use a random port picked by the kernel)

Upload detected malware information

TCP/443, UDP/53
Note

FortiSandbox uses the following FQDNs to access the FortiSandbox Community Cloud, depending on which protocol and port is used:

  • TCP/443: fqdl.fortinet.net
  • UDP/53: fqsvr.fortinet.net

Services and port numbers required for FortiSandbox

The tables above show all the services required for FortiSandbox to function correctly. You can use the diagnostic FortiSandbox command test-network to verify that all the services are allowed by the upstream. If the result is Passed, then there is no issue. If there is an issue with a specific service, it will be shown in the command output, and inform you which port needs to be opened.

This command checks:

  • VM Internet access
  • Internet connection
  • System DNS resolve speed
  • VM DNS resolve speed
  • Ping speed
  • Wget speed
  • Web Filtering service
  • FortiSandbox Community Cloud service
Previous
Next

FortiSandbox open ports

Incoming ports

Purpose

Protocol/Port

FortiGate

OFTP

TCP/514

FortiClient

File analysis

TCP/514

Others

SSH CLI Management

TCP/22

Telnet CLI Management

TCP/23

Web Admin

TCP/80, TCP/443

OFTP Communication with FortiGate & FortiMail

TCP/514

Third-party proxy server for ICAP servers

ICAP: TCP/1344

ICAPS: TCP/11344

Outgoing ports

Purpose

Protocol/Port

FortiGuard

(FortiSandbox will use a random port picked by the kernel)

FortiGuard Distribution Servers

TCP/8890

FortiGuard Web Filtering Servers

UDP/53, UDP/8888

FortiSandbox Community Cloud

(FortiSandbox will use a random port picked by the kernel)

Upload detected malware information

TCP/443, UDP/53
Note

FortiSandbox uses the following FQDNs to access the FortiSandbox Community Cloud, depending on which protocol and port is used:

  • TCP/443: fqdl.fortinet.net
  • UDP/53: fqsvr.fortinet.net

Services and port numbers required for FortiSandbox

The tables above show all the services required for FortiSandbox to function correctly. You can use the diagnostic FortiSandbox command test-network to verify that all the services are allowed by the upstream. If the result is Passed, then there is no issue. If there is an issue with a specific service, it will be shown in the command output, and inform you which port needs to be opened.

This command checks:

  • VM Internet access
  • Internet connection
  • System DNS resolve speed
  • VM DNS resolve speed
  • Ping speed
  • Wget speed
  • Web Filtering service
  • FortiSandbox Community Cloud service
Previous
Next