Appendix C: FortiNDR ports
FortiNDR requires the following ports.
Item |
Protocol and port number |
Direction |
---|---|---|
API submission, such as FortiSandbox |
TCP 443 |
Inbound |
Auto sample submit, |
TCP 25 |
Outbound to fndr.fortinet.com |
CLI | TCP 22 |
Inbound SSH |
Data synchronization |
TCP 20003 |
Inbound and outbound between FortiNDR units in an HA group. |
DB synchronization |
TCP 9440 |
Inbound and outbound between FortiNDR units in an HA group. |
File synchronization |
TCP 20002 |
Inbound and outbound between FortiNDR units in an HA group. |
FortiGate quarantine |
TCP 443 |
Outbound to FortiGate |
FortiGuard update | TCP 443 |
Initial outbound to:
For a complete list of the current Fortiguard update servers, please use the CLI |
GUI | TCP 443 |
Inbound web browser |
ICAP | TCP 1344, 11344 |
Inbound |
IOC lookup |
TCP 443 |
Outbound to productapi.fortinet.com |
IOT lookup |
TCP 443 |
Outbound to globalguardservice.fortinet.net |
Microsoft Active Directory |
TCP 636,389 |
Inbound and outbound |
NetFlow listen ports |
UDP 2055,6343,9995 |
Inbound |
Network File Share |
TCP 139, 445, 2049 (NFS) |
Outbound to file server |
OFTP server |
TCP 514 |
Inbound |
Security Fabric with FortiGate | TCP 443 |
Outbound to root FortiGate for Security Fabric communication |
Security Fabric with FortiGate | TCP 8013 |
Outbound to root FortiGate in Security Fabric |
Sensor Center command communication |
UDP 5566| |
Sensor to Center |
Sensor Center data synchronization |
TCP 9094 9096 |
Sensor to Center |
SYSLOG |
UDP 514 |
SYSLOG outbound |
Web Filter query |
UDP 53 |
Outbound to service.fortiguard.net |