Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiOS Ports

    7.2.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0

    Incoming ports

    Incoming ports

    Product

    Purpose

    Ports and protocols

    Configurable

    FortiAP-S

    Syslog, Registration, Quarantine, Log & Report

    TCP/443

    CAPWAP

    UDP/5246-5247

    FortiAuthenticator

    Policy Authentication through Captive Portal

    TCP/1000

    RADIUS Disconnect

    TCP/3799

    FortiClient

    Remote IPsec VPN

    UDP/500, UDP/4500

    Yes

    ESP (IP 50)

    Remote SSL VPN

    TCP/443

    Yes

    Remote SSL VPN when DTLS enabled

    UDP/443

    Yes

    SSO Mobility Agent, FSSO

    TCP/8001

    Compliance and Security Fabric

    TCP/8013

    Yes

    FortiExtender

    Control channel

    UDP/5246

    Yes

    Data channel

    UDP/25246

    Yes

    FortiGate

    HA Heartbeat

    ETH Layer 0x8890, 0x8891, 0x8893

    HA Synchronization

    TCP/703

    UDP/703

    Administrator Access

    TCP/22, TCP/80, TCP/443

    Yes

    ICMP

    IPsec VPN

    UDP/500, UDP/4500

    Yes

    ESP (IP 50)

    IPsec VPN Forward Error Correction

    UDP/50000

    Unicast Heartbeat for Azure

    UDP/730

    DNS for Azure

    UDP/53

    Security Fabric

    TCP/8013

    Yes

    UDP/8014

    FortiGuard

    IPv4 FGFM tunnel

    TCP/541

    IPv6 FGFM tunnel

    TCP/542

    FortiManager

    IPv4 FGFM tunnel

    TCP/541

    IPv6 FGFM tunnel

    TCP/542

    FortiPortal

    API for communication (FortiOS REST API)

    TCP/443

    FortiToken Mobile

    Approve/deny response from FortiToken Mobile

    TCP/4433

    Yes

    FSSO server

    FSSO

    TCP/8001

    Yes

    Others

    Administrator Access (SSH, HTTPS, HTTP)

    TCP/22, TCP/80, TCP/443

    Yes

    ICMP

    Policy Override Authentication

    TCP/443, TCP/8008, TCP/8010, TCP/8015, TCP/8020

    Yes

    Policy Override Keepalive

    TCP/1000, TCP/1003

    SSL VPN

    TCP/443

    Yes

    ACME service

    TCP/80, TCP/443

    AeroScout Vendor port

    UDP/1144

    External captive portal authentication with FortiAP in bridge mode

    UDP/2000

    RADIUS DAS feature - RFC 5176

    UDP/3799

    Note

    Enabling some services will cause additional standard ports to open as the protocol necessitates. For example, enabling BGP will open TCP port 179. See View open and in use ports for more information.
    Previous
    Next

    Incoming ports

    Incoming ports

    Product

    Purpose

    Ports and protocols

    Configurable

    FortiAP-S

    Syslog, Registration, Quarantine, Log & Report

    TCP/443

    CAPWAP

    UDP/5246-5247

    FortiAuthenticator

    Policy Authentication through Captive Portal

    TCP/1000

    RADIUS Disconnect

    TCP/3799

    FortiClient

    Remote IPsec VPN

    UDP/500, UDP/4500

    Yes

    ESP (IP 50)

    Remote SSL VPN

    TCP/443

    Yes

    Remote SSL VPN when DTLS enabled

    UDP/443

    Yes

    SSO Mobility Agent, FSSO

    TCP/8001

    Compliance and Security Fabric

    TCP/8013

    Yes

    FortiExtender

    Control channel

    UDP/5246

    Yes

    Data channel

    UDP/25246

    Yes

    FortiGate

    HA Heartbeat

    ETH Layer 0x8890, 0x8891, 0x8893

    HA Synchronization

    TCP/703

    UDP/703

    Administrator Access

    TCP/22, TCP/80, TCP/443

    Yes

    ICMP

    IPsec VPN

    UDP/500, UDP/4500

    Yes

    ESP (IP 50)

    IPsec VPN Forward Error Correction

    UDP/50000

    Unicast Heartbeat for Azure

    UDP/730

    DNS for Azure

    UDP/53

    Security Fabric

    TCP/8013

    Yes

    UDP/8014

    FortiGuard

    IPv4 FGFM tunnel

    TCP/541

    IPv6 FGFM tunnel

    TCP/542

    FortiManager

    IPv4 FGFM tunnel

    TCP/541

    IPv6 FGFM tunnel

    TCP/542

    FortiPortal

    API for communication (FortiOS REST API)

    TCP/443

    FortiToken Mobile

    Approve/deny response from FortiToken Mobile

    TCP/4433

    Yes

    FSSO server

    FSSO

    TCP/8001

    Yes

    Others

    Administrator Access (SSH, HTTPS, HTTP)

    TCP/22, TCP/80, TCP/443

    Yes

    ICMP

    Policy Override Authentication

    TCP/443, TCP/8008, TCP/8010, TCP/8015, TCP/8020

    Yes

    Policy Override Keepalive

    TCP/1000, TCP/1003

    SSL VPN

    TCP/443

    Yes

    ACME service

    TCP/80, TCP/443

    AeroScout Vendor port

    UDP/1144

    External captive portal authentication with FortiAP in bridge mode

    UDP/2000

    RADIUS DAS feature - RFC 5176

    UDP/3799

    Note

    Enabling some services will cause additional standard ports to open as the protocol necessitates. For example, enabling BGP will open TCP port 179. See View open and in use ports for more information.
    Previous
    Next