Incoming ports
The following table identifies the incoming ports for FortiManager and how the ports interact with other products:
Product |
Purpose |
Protocol and Port |
---|---|---|
FortiGate
|
IPv4 FGFM management |
TCP/541 |
IPv6 FGFM management |
TCP/542 |
|
WebFilter queries, AV & IPS updates* |
UDP/53, UDP/8888 |
|
TCP/80, TCP/8888 |
||
Antispam* |
TCP/8889 |
|
UDP/8889 |
||
FortiGuard and FortiClient Web Filter and Email Filter* |
TCP/8900 |
|
Registration for license validation and UTM updates (AV, IPS)* |
TCP/8890, TCP/443 |
|
Logging (all Fortinet products) |
OFTP |
TCP/514 |
FortiManager
|
HA |
TCP/5199 |
Log aggregation server (requires FortiManager 800 series or higher) |
TCP/300 |
|
File query/AntiVirus query service** |
TCP/8900 |
|
Cascade mode for FortiClient AV packages update |
TCP/8891 |
|
GeoIP service** |
TCP/8900 |
|
FortiGuard and FortiClient Web Filter and Email Filter* |
TCP/8900 |
|
Non-Fortinet products |
Syslog |
UDP/514, TCP/514 |
Chromebook |
Logging |
TCP/8443 |
Management |
Ping |
ICMP |
SSH |
TCP/22 |
|
HTTP |
TCP/80 |
|
HTTPS |
TCP/443 |
|
Web Service (SOAP/XML API respectively) |
TCP/8080 |
|
JSON API |
TCP/443 |
|
SNMP query |
UDP/161 |
|
FortiGuard |
AV and IPS push updates |
UDP/9443 |
* Applies only when FortiManager is acting as a local FortiGuard server.
** In FortiManager 7.2.3 and earlier, File query/AntiVirus query service uses TCP/8902 and GeoIP service uses TCP/8903.