Appendix C - FortiNDR ports
FortiNDR requires the following ports.
Item |
Protocol and port number |
Direction |
---|---|---|
API submission, such as FortiSandbox |
TCP 443 |
Inbound |
Checksum synchronization |
TCP 20004 |
Inbound and outbound between FortiNDR units in an HA group. |
CLI | TCP 22 |
Inbound SSH |
Data synchronization |
TCP 20003 |
Inbound and outbound between FortiNDR units in an HA group. |
DB synchronization |
TCP 5432 |
Inbound and outbound between FortiNDR units in an HA group. |
File synchronization |
TCP 20002 |
Inbound and outbound between FortiNDR units in an HA group. |
FortiGate quarantine |
TCP 443 |
Outbound to FortiGate |
FortiGuard update | TCP 443 |
Outbound |
IOC lookup |
TCP 443 |
Outbound to productapi.fortinet.com |
IOT lookup |
TCP 443 |
Outbound to globalguardservice.fortinet.net |
GUI | TCP 443 |
Inbound web browser |
HA heartbeat signal |
UDP 20000 |
Inbound and outbound between FortiNDR units in an HA group. |
ICAP | TCP 1344, 11344 |
Inbound |
Network File Share |
TCP 139, 445, 2049 (NFS) |
Outbound to file server |
OFTP server |
TCP 514 |
Inbound |
Security Fabric with FortiGate | TCP 443 |
Outbound to root FortiGate for Security Fabric communication |
Security Fabric with FortiGate | TCP 8013 |
Outbound to root FortiGate in Security Fabric |
Synchronization control |
UDP 20001 |
Inbound and outbound between FortiNDR units in an HA group. |
Web Filter query |
UDP 53 |
Outbound to service.fortiguard.net |