
Administration Guide

Default port information


FortiSandbox treats Port1, or any other administrative port set through the CLI command set admin-port, as reserved for device management, and Port3 as reserved for the Windows VM to communicate with the outside network. The other ports are used for file input and communication among cluster nodes. In cluster mode, FortiSandbox uses TCP ports 2015 and 2018 for cluster internal communication. If the unit works as a Collector to receive threat information from other units, it uses TCP port 2443.

The following tables list the default open ports for each FortiSandbox interface.

FortiSandbox 2000E and 3000E default ports

| Port (Interface) | Type | Default Open Ports |
|---|---|---|
| Port1 | RJ-45 | TCP ports 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail), and the SNMP local query port. FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel. FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked by the kernel. Connectivity can be secured by enabling Secure Connection under System > FortiGuard > FortiGuard Web Filter Settings. Enabling Secure Connection will change the traffic from UDP/53 & UDP/8888 to TCP/53 & TCP/8888. Fortinet FortiSandbox VM download uses TCP port 443 for download. The FortiSandbox will use a random port picked by the kernel. If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured. |
| Port2, Port4 | RJ-45 | No service listens except OFTP. If the user specifies it as an administration port through the CLI command set admin-port, TCP ports 80 and 443 will be opened for the web UI. |
| Port3 | RJ-45 | No service listens. Reserved for the guest VM to communicate with the outside network. |
| Port5, Port6 | SFP+ | No service listens except OFTP. If the user specifies it as an administration port through the CLI command set admin-port, TCP ports 80 and 443 will be opened for the web UI. |

All ports mentioned above are the same for both IPv4 and IPv6 protocols.

You can dynamically change system firewall rules using the iptables CLI command. New rules will be lost after a system reboot.

Note: If port3 of the FortiSandbox is connected to an interface behind the FortiGate device, make sure that the egress WAN interface does not have the Scan Outgoing Connections to Botnet Sites feature enabled, nor any active security profiles, as this might impact the detection rate. If this is not possible, we recommend connecting the FortiSandbox port3 to a different egress WAN port or directly to the Internet in front of the perimeter firewall.

For more information on FortiSandbox 2000E and FortiSandbox 3000E interfaces, see Interfaces.
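
One way to check a unit against this baseline, as an added example that is not part of the Fortinet guide: the script compares the open TCP ports observed on each interface with the documented defaults and reports anything extra, which is worth re-running after a reboot because iptables changes do not persist. The scan data is constructed, the function names are hypothetical, the SNMP port is left out because the page gives no number for it, and placing the cluster (2015, 2018) and Collector (2443) listeners on the non-management interfaces is an assumption.

```python
# Added example: baseline taken from the default-port table; scan data is constructed.
PORT1_TCP = {22, 23, 80, 443, 514}   # SSH, Telnet, GUI (80/443), OFTP
OFTP_TCP = {514}
WEB_UI_TCP = {80, 443}               # opened when `set admin-port` names the interface
CLUSTER_TCP = {2015, 2018}           # cluster internal communication
COLLECTOR_TCP = {2443}               # unit acting as a Collector


def expected_tcp(iface, admin_ports=(), cluster=False, collector=False):
    """Return the TCP listeners the table allows on one interface."""
    iface = iface.lower()
    if iface == "port1":
        return set(PORT1_TCP)
    if iface == "port3":
        return set()                 # reserved for guest VM egress, no listeners
    allowed = set(OFTP_TCP)
    if iface in {p.lower() for p in admin_ports}:
        allowed |= WEB_UI_TCP
    # Assumption: cluster and Collector listeners sit on these non-management
    # interfaces; the page does not tie them to a specific port.
    if cluster:
        allowed |= CLUSTER_TCP
    if collector:
        allowed |= COLLECTOR_TCP
    return allowed


def audit(observed, **mode):
    """Map each interface to the sorted listeners that exceed the baseline."""
    findings = {}
    for iface, ports in observed.items():
        extra = sorted(set(ports) - expected_tcp(iface, **mode))
        if extra:
            findings[iface.lower()] = extra
    return findings


# Constructed scan results (open TCP ports seen per interface), not real data.
SAMPLE_SCAN = {
    "port1": {22, 443, 514},
    "port2": {514, 8080},
    "port3": {443},
    "port5": {80, 443, 514, 2015},
}

if __name__ == "__main__":
    for iface, extra in audit(SAMPLE_SCAN, admin_ports=["port5"], cluster=True).items():
        print(f"{iface}: unexpected TCP listeners {extra}")
```

Any listener reported on port3 deserves attention first, since the table says no service listens there.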
