Fortinet Document Library

Version:


Table of Contents

6.2.0
Download PDF
Copy Link

FortiClient open ports

The following diagrams and tables show the distinct communications for each FortiClient product.

FortiClient

Outgoing ports

Purpose

Protocol/Port

FortiAnalyzer

Send logs to FortiAnalyzer (FortiClient must connect to FortiGate or EMS to send logs to FortiAnalyzer)

TCP/514

FortiAuthenticator

SSO Mobility Agent, FSSO

TCP/8001

FortiClient EMS

Endpoint management

TCP/8013

Upload logs and diagnostics to EMS server

TCP/8014

FortiGate

Remote IPsec VPN access

UDP/IKE 500, ESP (IP 50), NAT-T 4500

Remote SSL VPN access

TCP/443 (by default; this port can be customized)

SSO Mobility Agent, FSSO

TCP/8001

Compliance and Security Fabric

TCP/8013 (by default; this port can be customized)

FortiGuard

AV/VUL signatures update, Cloud-based behavior scan (CBBS)/applications that use cloud services

TCP/80

Virus submission (SMTP/FortiGuard)

TCP/25

URL rating

UDP/8888 (by default; this port can be changed to port 53 by entering fgd1.fortigate.com:53 via the XML config file)

FortiManager

Select a FortiManager to be used for FortiClient signature updates

TCP/80 (by default; this port can be customized)

Send logs to FortiManager (FortiClient must connect to FortiGate or EMS to send logs to FortiManager)

TCP/514

FortiSandbox

File analysis

TCP/514

Syslog server

Send logs to syslog server

UDP/514

FortiClient EMS

Incoming ports

Purpose

Protocol/Port

FortiClient

Endpoint management

TCP/8013 (by default; this port can be customized)

Upload logs and diagnostics to EMS server

TCP/8014

Download FortiClient installer created by EMS server

TCP/10443

Apache server/HTTPS

Web access to EMS

TCP/443

Outgoing ports

Purpose

Protocol/Port

FortiGuard

FortiClient EMS AV/VUL/APP version updates

TCP/80

Samba (SMB) service

EMS uses SMB during FortiClient deployment

TCP/445

SMTP server/email

EMS and endpoint alerts

TCP/25

AD server

Retrieving workstation and user information

TCP/389 or TCP/636 (for LDAP or LDAPS respectively)

Others

EMS server uses Distributed Computing Environment/Remote Procedure Calls (DCE/RPC) for FortiClient deployment

TCP/135

FortiClient for Chromebook

Outgoing ports

Purpose

Protocol/Port

FortiAnalyzer

Send logs to FortiAnalyzer

TCP/8443

FortiClient EMS

Connect to EMS Chromebook profile server

TCP/8443

FortiGuard

URL rating

TCP/443, TCP/3400

FortiClient EMS for Chromebook

Incoming ports

Purpose

Protocol/Port

FortiClient for Chromebook

Connection to EMS

TCP/8443

Apache server/HTTPS

Web access to EMS

TCP/443

Outgoing ports

Purpose

Protocol/Port

SMTP server/email

EMS and endpoint alerts

TCP/25

Others

G Suite API calls for Google domain information

TCP/443

FortiClient open ports

The following diagrams and tables show the distinct communications for each FortiClient product.

FortiClient

Outgoing ports

Purpose

Protocol/Port

FortiAnalyzer

Send logs to FortiAnalyzer (FortiClient must connect to FortiGate or EMS to send logs to FortiAnalyzer)

TCP/514

FortiAuthenticator

SSO Mobility Agent, FSSO

TCP/8001

FortiClient EMS

Endpoint management

TCP/8013

Upload logs and diagnostics to EMS server

TCP/8014

FortiGate

Remote IPsec VPN access

UDP/IKE 500, ESP (IP 50), NAT-T 4500

Remote SSL VPN access

TCP/443 (by default; this port can be customized)

SSO Mobility Agent, FSSO

TCP/8001

Compliance and Security Fabric

TCP/8013 (by default; this port can be customized)

FortiGuard

AV/VUL signatures update, Cloud-based behavior scan (CBBS)/applications that use cloud services

TCP/80

Virus submission (SMTP/FortiGuard)

TCP/25

URL rating

UDP/8888 (by default; this port can be changed to port 53 by entering fgd1.fortigate.com:53 via the XML config file)

FortiManager

Select a FortiManager to be used for FortiClient signature updates

TCP/80 (by default; this port can be customized)

Send logs to FortiManager (FortiClient must connect to FortiGate or EMS to send logs to FortiManager)

TCP/514

FortiSandbox

File analysis

TCP/514

Syslog server

Send logs to syslog server

UDP/514

FortiClient EMS

Incoming ports

Purpose

Protocol/Port

FortiClient

Endpoint management

TCP/8013 (by default; this port can be customized)

Upload logs and diagnostics to EMS server

TCP/8014

Download FortiClient installer created by EMS server

TCP/10443

Apache server/HTTPS

Web access to EMS

TCP/443

Outgoing ports

Purpose

Protocol/Port

FortiGuard

FortiClient EMS AV/VUL/APP version updates

TCP/80

Samba (SMB) service

EMS uses SMB during FortiClient deployment

TCP/445

SMTP server/email

EMS and endpoint alerts

TCP/25

AD server

Retrieving workstation and user information

TCP/389 or TCP/636 (for LDAP or LDAPS respectively)

Others

EMS server uses Distributed Computing Environment/Remote Procedure Calls (DCE/RPC) for FortiClient deployment

TCP/135

FortiClient for Chromebook

Outgoing ports

Purpose

Protocol/Port

FortiAnalyzer

Send logs to FortiAnalyzer

TCP/8443

FortiClient EMS

Connect to EMS Chromebook profile server

TCP/8443

FortiGuard

URL rating

TCP/443, TCP/3400

FortiClient EMS for Chromebook

Incoming ports

Purpose

Protocol/Port

FortiClient for Chromebook

Connection to EMS

TCP/8443

Apache server/HTTPS

Web access to EMS

TCP/443

Outgoing ports

Purpose

Protocol/Port

SMTP server/email

EMS and endpoint alerts

TCP/25

Others

G Suite API calls for Google domain information

TCP/443