Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 3.1.4 Administration Guide
    3.1.4
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Default port information

    Default port information

    FortiSandbox treats Port1 or any other administrative port set through the CLI command set admin-port as reserved for device management, and Port3 be reserved for the Windows VM to communicate with the outside network. The other ports are used for file input and communication among cluster nodes. In cluster mode, FortiSandbox uses TCP ports 2015 and 2018 for cluster internal communication. If the unit works as a Collector to receive threat information from other units, it uses TCP port 2443

    The following tables list the default open ports for each FortiSandbox interface.

    FortiSandbox 3500D, 2000E, and 3000E default ports:

    Port (Interface)

    Type

    Default Open Ports

    Port1

    RJ-45

    TCP ports, 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail), SNMP local query port.

    FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

    FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

    Fortinet FortiSandbox VM download uses TCP port 443 for download. The FortiSandbox will use a random port picked by the kernel.

    FortiSandbox uses UDP port 53 or 8888 and TCP port 443 of the Community Cloud server to query existing results. Before release 3.0.0, if enabled, FortiSandbox uploads detected malware information to TCP port 443 of the Community Cloud server. Since 3.0.0, the TCP ports to use on server-side are 25, 465 or 587. The FortiSandbox will use a random port picked up by the kernel.

    If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

    Port2, Port4

    RJ-45

    No service listens except OFTP. If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

    Port3

    RJ-45

    No service listens. Reserved for guest VM to communicate with the outside network.

    Port5, Port6

    SFP+

    No service listens except OFTP. If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.
    FortiSandbox 3000D default ports:

    Port (Interface)

    Type

    Default Open Ports

    Port1

    RJ-45

    TCP ports, 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail). SNMP local query port.

    FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

    FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

    FortiSandbox uses UDP port 53 or 8888 and TCP port 443 of the Community Cloud server to query existing results. Before release 3.0.0, if enabled, FortiSandbox uploads detected malware information to TCP port 443 of the Community Cloud server. Since 3.0.0, the TCP ports to use on server-side are 25, 465 or 587. The FortiSandbox will use a random port picked up by the kernel.

    If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

    Port2, Port4

    RJ-45

    No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

    Port3

    RJ-45

    All ports are open. Reserved for guest VM to communicate with the outside network.

    Port5, Port6

    SFP

    No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

    Port7, Port8

    SFP+

    No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.
    FortiSandbox 1000D default ports:

    Port (Interface)

    Type

    Default Open Ports

    Port1

    RJ-45

    TCP ports 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail).

    FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

    FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

    FortiSandbox uses UDP port 53 or 8888 and TCP port 443 of the Community Cloud server to query existing results. Before release 3.0.0, if enabled, FortiSandbox uploads detected malware information to TCP port 443 of the Community Cloud server. Since 3.0.0, the TCP ports to use on server-side are 25, 465 or 587. The FortiSandbox will use a random port picked up by the kernel.

    If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

    Port2, Port4, Port5, Port6

    RJ-45

    No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

    Port3

    RJ-45

    All ports are open. Reserved for guest VM to communicate with the outside network.

    Port7, Port 8

    SFP

    No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

    All ports mentioned above are the same for both IPv4 and IPv6 protocols.

    You can dynamically change system firewall rules using the iptables CLI command. New rules will be lost after a system reboot.
    note icon

    If port3 of the FortiSandbox is connected to an interface behind the FortiGate device, make sure that the egress WAN interface does not have the Scan Outgoing Connections to Botnet Sites feature enabled, nor any active security profiles as this might impact the detection rate. If this is not possible, we recommend connecting the FortiSandbox port3 to a different egress WAN port or directly to the Internet in front of the perimeter firewall.

    For more information on FortiSandbox 1000D, FortiSandbox 3000D, FortiSandbox 3500D, FortiSandbox 2000E, and FortiSandbox 3000E interfaces, see Interfaces.

    Previous
    Next

    Default port information

    Default port information

    FortiSandbox treats Port1 or any other administrative port set through the CLI command set admin-port as reserved for device management, and Port3 be reserved for the Windows VM to communicate with the outside network. The other ports are used for file input and communication among cluster nodes. In cluster mode, FortiSandbox uses TCP ports 2015 and 2018 for cluster internal communication. If the unit works as a Collector to receive threat information from other units, it uses TCP port 2443

    The following tables list the default open ports for each FortiSandbox interface.

    FortiSandbox 3500D, 2000E, and 3000E default ports:

    Port (Interface)

    Type

    Default Open Ports

    Port1

    RJ-45

    TCP ports, 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail), SNMP local query port.

    FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

    FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

    Fortinet FortiSandbox VM download uses TCP port 443 for download. The FortiSandbox will use a random port picked by the kernel.

    FortiSandbox uses UDP port 53 or 8888 and TCP port 443 of the Community Cloud server to query existing results. Before release 3.0.0, if enabled, FortiSandbox uploads detected malware information to TCP port 443 of the Community Cloud server. Since 3.0.0, the TCP ports to use on server-side are 25, 465 or 587. The FortiSandbox will use a random port picked up by the kernel.

    If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

    Port2, Port4

    RJ-45

    No service listens except OFTP. If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

    Port3

    RJ-45

    No service listens. Reserved for guest VM to communicate with the outside network.

    Port5, Port6

    SFP+

    No service listens except OFTP. If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.
    FortiSandbox 3000D default ports:

    Port (Interface)

    Type

    Default Open Ports

    Port1

    RJ-45

    TCP ports, 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail). SNMP local query port.

    FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

    FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

    FortiSandbox uses UDP port 53 or 8888 and TCP port 443 of the Community Cloud server to query existing results. Before release 3.0.0, if enabled, FortiSandbox uploads detected malware information to TCP port 443 of the Community Cloud server. Since 3.0.0, the TCP ports to use on server-side are 25, 465 or 587. The FortiSandbox will use a random port picked up by the kernel.

    If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

    Port2, Port4

    RJ-45

    No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

    Port3

    RJ-45

    All ports are open. Reserved for guest VM to communicate with the outside network.

    Port5, Port6

    SFP

    No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

    Port7, Port8

    SFP+

    No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.
    FortiSandbox 1000D default ports:

    Port (Interface)

    Type

    Default Open Ports

    Port1

    RJ-45

    TCP ports 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail).

    FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

    FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

    FortiSandbox uses UDP port 53 or 8888 and TCP port 443 of the Community Cloud server to query existing results. Before release 3.0.0, if enabled, FortiSandbox uploads detected malware information to TCP port 443 of the Community Cloud server. Since 3.0.0, the TCP ports to use on server-side are 25, 465 or 587. The FortiSandbox will use a random port picked up by the kernel.

    If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

    Port2, Port4, Port5, Port6

    RJ-45

    No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

    Port3

    RJ-45

    All ports are open. Reserved for guest VM to communicate with the outside network.

    Port7, Port 8

    SFP

    No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

    All ports mentioned above are the same for both IPv4 and IPv6 protocols.

    You can dynamically change system firewall rules using the iptables CLI command. New rules will be lost after a system reboot.
    note icon

    If port3 of the FortiSandbox is connected to an interface behind the FortiGate device, make sure that the egress WAN interface does not have the Scan Outgoing Connections to Botnet Sites feature enabled, nor any active security profiles as this might impact the detection rate. If this is not possible, we recommend connecting the FortiSandbox port3 to a different egress WAN port or directly to the Internet in front of the perimeter firewall.

    For more information on FortiSandbox 1000D, FortiSandbox 3000D, FortiSandbox 3500D, FortiSandbox 2000E, and FortiSandbox 3000E interfaces, see Interfaces.

    Previous
    Next