Outgoing ports
The following table identifies the ports for traffic originating from FortiManager and FortiAnalyzer units.
| Outgoing Port Purpose | Port(s) |
|---|---|
|
SMTP alert email |
TCP/25 |
|
TACACS+ authentication |
TCP/49 |
|
User name LDAP queries for reports |
TCP/389 or TCP/636 |
|
Register FortiGate devices to FortiManager or FortiAnalyzer for configuration management |
TCP/541 (IPv4) TCP/542 (IPv6) |
|
RADIUS authentication |
TCP/1812 |
|
Log aggregation client |
TCP/3000 |
|
Fortinet registry for management extension applications, such as FortiWLM MEA |
TCP/4443 |
|
FortiManager high-availability (HA) and configuration synchronization |
TCP/5199 |
|
Turn closed network mode logic on/off |
TCP/8880 When applied, FortiManager cannot fetch FortiGuard content from the public FortiGuard cloud. If your are using FortiManager as a FortiGuard server for your managed devices, you will need to manually upload FortiGuard content in FortiManager. |
|
DNS lookup |
UDP/53 |
|
NTP synchronization |
UDP/123 |
|
SNMP traps |
UDP/162 |
|
Syslog, log forwarding |
UDP/514 If reliable logging is enabled, syslog traffic can use TCP 514. |