Administration Guide

Email concepts and process workflow
- Email protocols
- Client-server connections in SMTP
- DNS role in email delivery
- How FortiMail processes email
- FortiMail operation modes
- FortiMail high availability
- FortiMail management methods
Setting up the FortiMail system
- Connecting to the GUI or CLI
- Choosing the operation mode
- Running the Quick Start Wizard
- Connecting to FortiGuard services
- Gateway mode deployment
- Transparent mode deployment
- Server mode deployment
- Testing the installation
- Backing up the configuration
Using the dashboard
- Viewing the dashboard
- Using the CLI Console
Using FortiView
- Viewing mail statistics
- View threat statistics
- View outbreak statistics
- Viewing top user statistics
- Viewing current IP sessions
Monitoring the system
- Viewing log messages
- Managing the quarantines
- Managing the mail queue
- Viewing DMARC report statistics
  - Viewing the DMARC and SPF report summary
  - Viewing details about DMARC and SPF report statistics
- Viewing the greylist statuses
- Viewing sender, authentication and endpoint reputation
- Managing archived email
- Viewing reports
Centrally monitoring the HA cluster
- Viewing the cluster status
- Viewing HA cluster mail statistics
- Viewing HA cluster threat statistics
- Searching the HA cluster logs
Configuring system settings
- Configuring network settings
- Configuring administrator accounts and access profiles
- Configuring system time, options, and other system options
- Configuring mail settings
- Customizing GUI, custom messages, email templates, and Security Fabric
- Configuring single sign-on (SSO)
- Configuring RAID
- Using high availability (HA)
- Managing certificates
- Using FortiNDR malware inspection
- Using FortiSandbox antivirus inspection
- Configuring FortiGuard services and licensed features
  - Configuring licensed features
    - Configuring image analysis
- System maintenance
- System utility
Configuring domains and users
- Configuring protected domains
- Managing users
- Configuring user aliases
- Configuring address mappings
- Configuring IBE users
- Configuring the address book
- Sharing calendars and address books (server mode only)
- Migrating email from other mail servers (server mode only)
Configuring policies
- What is a policy?
- How to use policies
- Controlling SMTP access and delivery
- Controlling email based on IP addresses
- Controlling email based on sender and recipient addresses
Configuring profiles
- Configuring session profiles
- Configuring antispam profiles and actions
- Configuring antivirus profiles, file signatures, and actions
- Configuring content profiles and content action profiles
- Configuring replacement message profiles and variables
- Configuring resource profiles
- Workflow to enable and configure authentication of email users
- Configuring authentication profiles
- Configuring LDAP profiles
- Configuring dictionary profiles
- Configuring security profiles
- Configuring IP pools
- Configuring email, IP and GeoIP groups
- Configuring notification profiles
Configuring security settings
- Configuring URL filter profiles
- Configuring a threat feed
  - Types and file formats of threat feeds
- Configuring content disarming and reconstruction
- Configuring authentication reputation
- Configuring email quarantines and quarantine reports
- Configuring the block lists and safe lists
- Configuring greylisting
- Configuring bounce verification and tagging
- Configuring sender rewriting scheme
- Configuring endpoint reputation
- Configuring preferences
- Training and maintaining the Bayesian databases
Configuring encryption settings
- Configuring IBE encryption
- Configuring certificate bindings
Configuring data loss prevention
- DLP configuration workflow
- Defining the sensitive data
- Configuring DLP rules
- Configuring DLP profiles
Archiving email
- Email archiving workflow
- Configuring email archiving accounts
- Configuring email archiving policies
- Configuring email archiving exemptions
Logs, reports, and alerts
- About FortiMail logging
- Configuring logging
- Configuring report profiles and generating reports
- Configuring alert email
Microsoft 365, Exchange and Google Workspace threat remediation
- Microsoft 365, Exchange, and Google Workspace protection workflow
- Configuring accounts
- Configuring scanning policies
- Configuring profiles
- Monitoring log messages
Managing firmware and configuration
- Testing firmware before installing it
- Installing firmware
- Clean installing firmware
- Upgrading firmware on HA units
Best practices and fine tuning
- General security tuning
- System security tuning
- Network topology tuning
- High availability (HA) tuning
- SMTP connectivity tuning
- Antispam tuning
- Policy tuning
- System maintenance tips
- Performance tuning
Troubleshooting
- Establish a system baseline
- Define the problem
- Search for a known solution
- Create a troubleshooting plan
- Gather system information
- Troubleshoot hardware issues
- Troubleshoot GUI and CLI connection issues
- Troubleshoot FortiGuard connection issues
- Troubleshoot MTA issues
- Troubleshoot antispam issues
- Troubleshoot HA issues
- Troubleshoot resource issues
- Troubleshoot bootup issues
- Troubleshoot installation issues
- Contact Fortinet customer support for assistance
Setup for email users
- Training Bayesian databases
- Managing tagged spam
- Accessing the personal quarantine and webmail
- Sending email from an email client (gateway and transparent mode)
Appendix A: Supported RFCs
Appendix B: Maximum Values
Appendix C: Port Numbers
Appendix D: Wildcards and regular expressions
- Special characters with regular expressions and wildcards
- Case sensitivity
- Modifiers
- Word boundary
- Syntax
- Example regular expressions
Appendix E: Working with TLS/SSL
- About TLS/SSL
- How TLS/SSL works
- FortiMail support of TLS/SSL
- Troubleshooting FortiMail TLS issues
Appendix F: PKI Authentication
- Introduction to PKI authentication
- FortiMail PKI architecture
- Configuring PKI authentication on FortiMail
Change log

Home FortiMail 7.6.0 Administration Guide

7.6.0

Appendix C: Port Numbers

Firewalls (if any) between FortiMail and other devices may need to open the following inbound (listening) and outbound ports in order to communicate with other devices. Required port numbers vary by which features you enable.

Default port numbers are listed. Many are configurable. See the links in each row of:

Incoming (listening) port numbers
Outgoing port numbers

In its factory default configuration, FortiMail does not accept packets on any port except port1 and port2 network interfaces, which only accept:

ICMP ping
HTTPS connections on TCP/443 to the administrative GUI
SSH connections on TCP/22 to the CLI

Incoming (listening) port numbers

FortiMail features listen for communications from other devices on these ports.

If port forwarding is enabled, then the FortiMail unit listens on more port numbers that are not associated with FortiMail features, but instead are forwarded to other devices on the network. See Configuring port forwarding. If traffic capture is enabled, then the FortiMail unit listens on port numbers that are specified by the filter. See Traffic capture.

Default Port Number	IP Protocol	Source IP address	Purpose
80	TCP	Administrators Email users	Administrative GUI (HTTP) Quarantine access Webmail (server mode only)
443	TCP	Administrators Email users	Administrative GUI (HTTPS) REST API Quarantine access Webmail (server mode only)
22	TCP	Administrators FortiManager	Administrative CLI (SSH) Configuration and firmware push
23	TCP	Administrators	Administrative CLI (Telnet)
161	UDP	FortiManager	SNMPquery
25	TCP	Email servers, relays Email users	Email relay/proxy/server (SMTP) Spam sample submission by email users
465	TCP	Email servers, relays Email users	Email relay/proxy/server (SMTPS) Spam sample submission by email users
587	TCP	Email users	Email sending (SMTP for email users to send email separately from relays/servers)
143	TCP		Email (IMAP; server mode only) Email archive access
993	TCP		Email (IMAPS; server mode only) Email archive access
110	TCP		Email (POP3; server mode only) Quarantine access
995	TCP		Email (POP3S; server mode only)
443	TCP	FortiMail Note: All HA ports need to be open for communication between primary and secondary units and also between secondary and secondary units.	HA centralized monitoring
6688	TCP		HA centralized monitoring
20000	UDP and TCP		HA heartbeat signal (base port)
20001	UDP and TCP		HA synchronization control
20002	TCP		HA file synchronization
20003	TCP		HA data synchronization
20004	TCP		HA checksum synchronization
20005	UDP and TCP		HA cluster join request
20010-20014	UDP and TCP		HA group mode
25	TCP		HA service monitoring (SMTP)
80	TCP		HA service monitoring (HTTP)
110	TCP		HA service monitoring (POP3)
143	TCP		HA service monitoring (IMAP)
9443	UDP		(Deprecated) FortiGuard Antivirus push
443	TCP	FortiGate	Security Fabric (HTTPS management)

Outgoing port numbers

FortiMail communicates to these port numbers on other servers and devices.

Default Port Number	IP Protocol	Destination IP Address	Purpose
443	TCP	Directory server	Authentication (HTTPS SAML SSO)
389	TCP and UDP		Authentication (LDAP)
636	TCP		Authentication (LDAPS)
1812	TCP		Authentication (RADIUS)
143	TCP	Email server	Authentication (IMAP)
993	TCP		Authentication (IMAPS)
110	TCP		Authentication (POP3)
995	TCP		Authentication (POP3S)
25	TCP		Authentication (SMTP) Email delivery to protected domains (SMTP) Recipient address verification Delivery failure notifications (DSN) Alert email
465	TCP		Authentication (SMTPS) Email delivery to protected domains (SMTPS) Recipient address verification Delivery failure notifications (DSN) Alert email
21	TCP	Network attached storage or file share server	Backup of configuration (FTP)
22	TCP		Backup of configuration (SFTP/SSH)
22	TCP		Backup of mailboxes (SFTP/SSH)
445	TCP and UDP		Backup of mailboxes (SMB/CIFS)
3260	TCP		Backup of mailboxes (iSCSI)
2049	TCP and UDP		Backup of mailboxes (NFS)
2049	TCP and UDP		External storage for mailboxes and quarantine (NFS)
3260	TCP		External storage for mailboxes and quarantine (iSCSI)
443 or 8890	TCP	Fortinet	FortiGuard Antivirus engine and virus signature updates (see also Required URLs for FortiGuard services) License validation
53 or 8888	UDP or TCP	Fortinet	FortiGuard Antispam rating query
53	UDP	DNSBL server	Third-party DNSBL/RBL spam rating query
53	UDP	SURBL server	Third-party SURBL URL rating query
53	UDP	DNS server	Domain name resolution (DNS) Record queries such as MX and DKIM
123	UDP	Fortinet Time server	Time synchronization (NTP)
443	TCP	FortiMail Note: All HA ports need to be open for communication between primary and secondary units and also between secondary and secondary units.	HA centralized monitoring
6688	TCP		HA centralized monitoring
20000	UDP and TCP		HA heartbeat signal (base port)
20001	UDP and TCP		HA synchronization control
(20002	TCP		HA file synchronization
20003	TCP		HA data synchronization
20004	TCP		HA checksum synchronization
20005	UDP and TCP		HA cluster join request
20010-20014	UDP and TCP		HA group mode
25	TCP		HA service monitoring (SMTP)
80	TCP		HA service monitoring (HTTP)
110	TCP		HA service monitoring (POP3)
143	TCP		HA service monitoring (IMAP)
514	TCP		Centralized quarantine (clear text)
6514	TCP		Centralized quarantine (secure)
8013	TCP	FortiGate	Security Fabric (HTTPS to upstream) FortiView
443	TCP	FortiNDR	File scan
443	TCP	FortiSandbox	URL scan (HTTPS)
514	TCP	FortiSandbox	File scan (OFTPS)
443	TCP	FortiManager	Registration, configuration backup/pull, and firmware pull
162	UDP	FortiManager	Event traps (SNMP)
514	UDP and TCP	FortiAnalyzer Syslog	Logging
80 or 443	TCP	Dynamic DNS servers	Dynamic DNS (HTTP or HTTPS)
80 and 443	TCP	Web servers	Resolution of URL redirects (for example, tiny URLs) into the target URL
80, or port number in OCSP certificate	TCP	Directory or PKI servers	Certificate revokation query

Required URLs for FortiGuard services

Firewalls and web filters between the FortiMail unit and the Internet must allow requests to the following URLS, which are used by FortiMail features that connect to Fortinet's FortiGuard services:

update.fortiguard.net
securewf.fortiguard.net (global) or securewf.fortiguard.net (United States only)
service.fortiguard.net (global) or usservice.fortiguard.net (United States only)

Appendix C: Port Numbers

Default port numbers are listed. Many are configurable. See the links in each row of:

Incoming (listening) port numbers
Outgoing port numbers

In its factory default configuration, FortiMail does not accept packets on any port except port1 and port2 network interfaces, which only accept:

ICMP ping
HTTPS connections on TCP/443 to the administrative GUI
SSH connections on TCP/22 to the CLI

Incoming (listening) port numbers

FortiMail features listen for communications from other devices on these ports.

Default Port Number	IP Protocol	Source IP address	Purpose
80	TCP	Administrators Email users	Administrative GUI (HTTP) Quarantine access Webmail (server mode only)
443	TCP	Administrators Email users	Administrative GUI (HTTPS) REST API Quarantine access Webmail (server mode only)
22	TCP	Administrators FortiManager	Administrative CLI (SSH) Configuration and firmware push
23	TCP	Administrators	Administrative CLI (Telnet)
161	UDP	FortiManager	SNMPquery
25	TCP	Email servers, relays Email users	Email relay/proxy/server (SMTP) Spam sample submission by email users
465	TCP	Email servers, relays Email users	Email relay/proxy/server (SMTPS) Spam sample submission by email users
587	TCP	Email users	Email sending (SMTP for email users to send email separately from relays/servers)
143	TCP		Email (IMAP; server mode only) Email archive access
993	TCP		Email (IMAPS; server mode only) Email archive access
110	TCP		Email (POP3; server mode only) Quarantine access
995	TCP		Email (POP3S; server mode only)
443	TCP	FortiMail Note: All HA ports need to be open for communication between primary and secondary units and also between secondary and secondary units.	HA centralized monitoring
6688	TCP		HA centralized monitoring
20000	UDP and TCP		HA heartbeat signal (base port)
20001	UDP and TCP		HA synchronization control
20002	TCP		HA file synchronization
20003	TCP		HA data synchronization
20004	TCP		HA checksum synchronization
20005	UDP and TCP		HA cluster join request
20010-20014	UDP and TCP		HA group mode
25	TCP		HA service monitoring (SMTP)
80	TCP		HA service monitoring (HTTP)
110	TCP		HA service monitoring (POP3)
143	TCP		HA service monitoring (IMAP)
9443	UDP		(Deprecated) FortiGuard Antivirus push
443	TCP	FortiGate	Security Fabric (HTTPS management)

Outgoing port numbers

FortiMail communicates to these port numbers on other servers and devices.

Default Port Number	IP Protocol	Destination IP Address	Purpose
443	TCP	Directory server	Authentication (HTTPS SAML SSO)
389	TCP and UDP		Authentication (LDAP)
636	TCP		Authentication (LDAPS)
1812	TCP		Authentication (RADIUS)
143	TCP	Email server	Authentication (IMAP)
993	TCP		Authentication (IMAPS)
110	TCP		Authentication (POP3)
995	TCP		Authentication (POP3S)
25	TCP		Authentication (SMTP) Email delivery to protected domains (SMTP) Recipient address verification Delivery failure notifications (DSN) Alert email
465	TCP		Authentication (SMTPS) Email delivery to protected domains (SMTPS) Recipient address verification Delivery failure notifications (DSN) Alert email
21	TCP	Network attached storage or file share server	Backup of configuration (FTP)
22	TCP		Backup of configuration (SFTP/SSH)
22	TCP		Backup of mailboxes (SFTP/SSH)
445	TCP and UDP		Backup of mailboxes (SMB/CIFS)
3260	TCP		Backup of mailboxes (iSCSI)
2049	TCP and UDP		Backup of mailboxes (NFS)
2049	TCP and UDP		External storage for mailboxes and quarantine (NFS)
3260	TCP		External storage for mailboxes and quarantine (iSCSI)
443 or 8890	TCP	Fortinet	FortiGuard Antivirus engine and virus signature updates (see also Required URLs for FortiGuard services) License validation
53 or 8888	UDP or TCP	Fortinet	FortiGuard Antispam rating query
53	UDP	DNSBL server	Third-party DNSBL/RBL spam rating query
53	UDP	SURBL server	Third-party SURBL URL rating query
53	UDP	DNS server	Domain name resolution (DNS) Record queries such as MX and DKIM
123	UDP	Fortinet Time server	Time synchronization (NTP)
443	TCP	FortiMail Note: All HA ports need to be open for communication between primary and secondary units and also between secondary and secondary units.	HA centralized monitoring
6688	TCP		HA centralized monitoring
20000	UDP and TCP		HA heartbeat signal (base port)
20001	UDP and TCP		HA synchronization control
(20002	TCP		HA file synchronization
20003	TCP		HA data synchronization
20004	TCP		HA checksum synchronization
20005	UDP and TCP		HA cluster join request
20010-20014	UDP and TCP		HA group mode
25	TCP		HA service monitoring (SMTP)
80	TCP		HA service monitoring (HTTP)
110	TCP		HA service monitoring (POP3)
143	TCP		HA service monitoring (IMAP)
514	TCP		Centralized quarantine (clear text)
6514	TCP		Centralized quarantine (secure)
8013	TCP	FortiGate	Security Fabric (HTTPS to upstream) FortiView
443	TCP	FortiNDR	File scan
443	TCP	FortiSandbox	URL scan (HTTPS)
514	TCP	FortiSandbox	File scan (OFTPS)
443	TCP	FortiManager	Registration, configuration backup/pull, and firmware pull
162	UDP	FortiManager	Event traps (SNMP)
514	UDP and TCP	FortiAnalyzer Syslog	Logging
80 or 443	TCP	Dynamic DNS servers	Dynamic DNS (HTTP or HTTPS)
80 and 443	TCP	Web servers	Resolution of URL redirects (for example, tiny URLs) into the target URL
80, or port number in OCSP certificate	TCP	Directory or PKI servers	Certificate revokation query

Required URLs for FortiGuard services

Firewalls and web filters between the FortiMail unit and the Internet must allow requests to the following URLS, which are used by FortiMail features that connect to Fortinet's FortiGuard services:

update.fortiguard.net
securewf.fortiguard.net (global) or securewf.fortiguard.net (United States only)
service.fortiguard.net (global) or usservice.fortiguard.net (United States only)

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Administration Guide

Appendix C: Port Numbers

Appendix C: Port Numbers

Incoming (listening) port numbers

Outgoing port numbers

Required URLs for FortiGuard services

Appendix C: Port Numbers

Appendix C: Port Numbers

Incoming (listening) port numbers

Outgoing port numbers

Required URLs for FortiGuard services