Appendix C - FortiNDR ports
FortiNDR requires the following ports.
Item |
Protocol and port number |
Direction |
---|---|---|
API submission, such as FortiSandbox |
TCP 443 |
Inbound |
CLI | TCP 22 |
Inbound SSH |
FortiGate quarantine |
TCP 443 |
Outbound to FortiGate |
FortiGuard update | TCP 443 |
Outbound to:
|
IOC lookup |
TCP 443 |
Outbound to productapi.fortinet.com |
IOT lookup |
TCP 443 |
Outbound to globalguardservice.fortinet.net |
GUI | TCP 443 |
Inbound web browser |
ICAP | TCP 1344, 11344 |
Inbound |
NetFlow listen ports |
UDP 2055,6343,9995 |
Inbound |
Network File Share |
TCP 139, 445, 2049 (NFS) |
Outbound to file server |
OFTP server |
TCP 514 |
Inbound |
Security Fabric with FortiGate | TCP 443 |
Outbound to root FortiGate for Security Fabric communication |
Security Fabric with FortiGate | TCP 8013 |
Outbound to root FortiGate in Security Fabric |
Web Filter query |
UDP 53 |
Outbound to service.fortiguard.net |
Microsoft Active Directory |
TCP 636,389 |
Inbound and outbound |