Outgoing ports
The following table identifies the ports for traffic originating from FortiManager and FortiAnalyzer units.
| Outgoing Port Purpose | Port(s) |
|---|---|
|
Log and report upload |
TCP 21 or TCP 22 |
|
SMTP alert email |
TCP 25 |
|
TACACS+ authentication |
TCP 49 |
|
User name LDAP queries for reports |
TCP 389 or TCP 636 |
|
FDN (FortiGuard Distribution Network) connection For more details, see FortiManager and FortiGuard. |
TCP 443 |
|
Register FortiGate devices to FortiManager or FortiAnalyzer for configuration management |
TCP 541 (IPv4) TCP 542 (IPv6) |
|
RADIUS authentication |
TCP 1812 |
|
Log aggregation client |
TCP 3000 |
|
FortiManager high-availability (HA) and configuration synchronization |
TCP 5199 |
|
Turn closed network mode logic on/off |
TCP 8880 When applied, FortiManager cannot fetch FortiGuard content from the public FortiGuard cloud. If your are using FortiManager as a FortiGuard server for your managed devices, you will need to manually upload FortiGuard content in FortiManager. |
|
DNS lookup |
UDP 53 |
|
NTP synchronization |
UDP 123 |
|
SNMP traps |
UDP 162 |
|
Syslog, log forwarding |
UDP 514 If reliable logging is enabled, syslog traffic can use TCP 514. |