FortiAuthenticator open ports

Incoming ports

| | Purpose | Protocol/Port |
|---|---|---|
| FortiAuthenticator | Load-balancing HA secondary | UDP/721, UDP/1194 |
| FortiAuthenticator | Redundant HA cluster | UDP/720 |
| FortiAuthenticator | FSSO tiered architecture | TCP/8003 |
| | SSO Mobility Agent, FSSO | TCP/8001 (by default; this port can be customized) |
| | LDAP, PKI Authentication | TCP or UDP/389 |
| | RADIUS | UDP/1812 |
| | FSSO | TCP/8000 |
| | RADIUS Accounting | UDP/1813, UDP/1646 |
| | SCEP | TCP/80, TCP/443 |
| | CRL download | TCP/80 |
| | External captive portal | TCP/443 |
| FortiToken Mobile | Push approve/deny | TCP/443 |
| FortiToken Mobile | FTM device transfer | TCP/443 |
| Others | SSH CLI | TCP/22 |
| Others | Telnet | TCP/23 |
| Others | HTTP & SCEP | TCP/80 |
| Others | SNMP Poll | UDP/161 |
| Others | Web Admin | TCP/80, TCP/443 |
| Others | LDAP | TCP/389, TCP/3268 |
| Others | LDAPS | TCP/636, TCP/3269 |
| Others | RADIUS | UDP/1812, UDP/1813 |
| Others | OCSP | TCP/2560 |
| Others | Syslog | UDP/514 |
| Others | SAML | TCP/443 |
| Others | OAuth | TCP/443 |
| | FSSO DC/TS agents | TCP/8002 |
| | FortiAuthenticator Windows/OWA agent | TCP/443 |

Outgoing ports

| | Purpose | Protocol/Port |
|---|---|---|
| FortiAuthenticator | (HA) HA heartbeat | UDP/720 |
| FortiAuthenticator | (LB secondary) LB secondary sync | UDP/721, UDP/1194 |
| FortiAuthenticator | FSSO tiered architecture | TCP/8003 |
| | Policy Authentication through Captive Portal | TCP/1000 |
| | RADIUS disconnect | TCP/1700 |
| | FortiToken hardware seed retrieval | TCP/443 |
| | FortiToken Mobile activation, provisioning, and transfer | TCP/443 |
| | FortiToken Cloud communication | TCP/8686 |
| | FortiGuard SMS | TCP/443 |
| | FortiToken Mobile push proxy service (FAC 6.1.1 and later) | TCP/443 |
| | FortiToken Mobile Apple push servers (FAC 6.1.0 and earlier) | TCP/5223, TCP/2195, TCP/2196 |
| | FortiToken Mobile Google push servers (FAC 6.1.0 and earlier) | TCP/443 |
| | SMTP | TCP/25 |
| | DNS | UDP/53 |
| | Windows AD | TCP/88 |
| | NTP | UDP/123 |
| | LDAP | TCP/389, TCP/3268 |
| | Domain Control | TCP/445 |
| | LDAPS | TCP/636, TCP/3269 |
| | FSSO tiered architecture | TCP/5003 |
| | FTP/SFTP configuration and logs backup | TCP/21, TCP/22 |
| | SMS HTTP/HTTPS gateways | TCP/80, TCP/443 |
| | OAuth | TCP/443 |
| | CRL download | TCP/80, TCP/443 |
| FortiNAC | FSSO | TCP/8000 |
| FortiNAC | Logging | UDP/514 |