Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 5.4.0 External Systems Configuration Guide
    5.4.0
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    FortiSIEM External Ports

    FortiSIEM External Ports

    This chapter describes the external communication ports needed for various FortiSIEM nodes to work. The ports are broken down for:

    Supervisor Communication

    From

    To

    Inbound or Outbound

    Ports

    Services

    FortiSIEM Management User

    Supervisor

    Inbound

    TCP/22

    Admin access via SSH

    FortiSIEM Management User

    Supervisor

    Inbound

    ICMP

    Monitoring via ICMP

    FortiSIEM Management User

    Supervisor

    Inbound

    TCP/443

    GUI access via HTTPS

    Collector, Worker, Windows Agent, Linux Agent

    Supervisor

    Inbound

    TCP/443

    REST API access via HTTPS

    Worker

    Supervisor

    Inbound

    TCP/5432

    PostGreSQL

    Supervisor

    Report Server

    Outbound

    TCP/5432

    PostGreSQL (report loading)

    Worker

    Supervisor

    Inbound

    TCP/7914

    phParser on Worker to phParser on Supervisor for EPS enforcement

    Worker

    Supervisor

    Inbound

    TCP/7900

    phMonitorWorker to phMonitorSuper communication

    Supervisor

    Worker

    Outbound

    TCP/7900

    phMonitorSuper to phMonitorWorker Communication

    Worker

    Supervisor

    Inbound

    TCP/7918

    phQueryWorker to phQueryMaster Communication

    Supervisor

    Worker

    Outbound

    TCP/7916

    phQueryMaster to phQueryWorker communication

    Worker

    Supervisor

    Inbound

    TCP/7922

    phRuleWorker to phRuleMaster communication

    Supervisor 5.3

    Worker

    Outbound

    TCP/7920

    phQueryMaster to phDataManager for trigger event query

    Worker

    Supervisor

    Inbound

    TCP/7934

    phReportWorker to phReportMaster Communication

    Worker

    Supervisor

    Inbound

    TCP/7938

    phIdentityWorker to phIpIdentityMaster

    Supervisor

    Worker

    Outbound

    TCP/6666

    Redis communication

    Supervisor

    External Device

    Outbound

    UDP/161

    SNMP based monitoring

    External Device

    Supervisor

    Inbound

    TCP/21

    FTP (for receiving Bluecoat logs via ftp)

    External Device

    Supervisor

    Inbound

    UDP/162

    SNMP Trap

    External Device

    Supervisor

    Inbound

    UDP/514

    UDP syslog

    External Device

    Supervisor

    Inbound

    TCP/514

    TCP syslog

    External Device

    Supervisor

    Inbound

    SSL/6514

    Syslog over TLS

    External Device

    Supervisor

    Inbound

    UDP/2055

    NetFlow

    Supervisor

    External Windows Devices

    Outbound

    TCP/135

    WMI based monitoring and log collection

    Supervisor

    External Devices

    Outbound

    TCP/389

    LDAP discovery

    Supervisor

    External Devices

    Outbound

    TCP/1433

    JDBC based monitoring and data collection

    Supervisor

    External Devices

    Outbound

    UDP/8686

    JMX based monitoring and data collection

    Supervisor

    Checkpoint

    Outbound

    TCP/18184

    Checkpoint LEA based log collection

    Supervisor

    Checkpoint

    Outbound

    TCP/18190

    Checkpoint CPMI based data collection

    Supervisor

    External Device

    Outbound

    TCP/443

    HTTPS based log collection

    Supervisor

    External Device

    Outbound

    TCP/110

    POP3 for email monitoring (STM)

    Supervisor

    External Device

    Outbound

    TCP/143

    IMAP for email monitoring (STM)

    Supervisor

    External Device

    Outbound

    TCP/993

    IMAP/SSL for email monitoring (STM)

    Supervisor

    External Device

    Outbound

    TCP/995

    POP/SSL for email monitoring (STM)

    Supervisor

    Mail Gateway

    Outbound

    TCP/SMTP

    Sending email notification

    Supervisor

    NFS Server

    Outbound

    UDP/111, TCP/111

    NFS Portmapper for writing events in NFS based deployments

    Supervisor

    Elasticsearch Coordinating Node

    Outbound

    HTTPS/9200 (configurable)

    Storing events for Elasticsearch based deployments

    Supervisor

    Elasticsearch Coordinating Node

    Outbound

    HTTPS/9300 or HTTPS/443 (configurable)

    Querying events for Elasticsearch based deployments

    Supervisor

    Spark Master Node

    Outbound

    HTTPS/7077 (configurable)

    Querying events for HDFS based deployments

    Supervisor

    HDFS Name Node

    Outbound

    HTTPS/9000 (configurable)

    Archiving events for HDFS based deployments

    Worker Communication

    From

    To

    Inbound or Outbound

    Ports

    Services

    FortiSIEM Management User

    Worker

    Inbound

    TCP/22

    Admin access via SSH

    FortiSIEM Management User

    Worker

    Inbound

    ICMP

    ICMP

    Collector

    Worker

    Inbound

    TCP/443

    REST API access via HTTPS

    Worker

    Supervisor

    Outbound

    TCP/5432

    PostGreSQL

    Worker

    Supervisor

    Outbound

    TCP/7914

    phParser on Worker to phParser on Supervisor for EPS enforcement

    Worker

    Supervisor

    Outbound

    TCP/7900

    phMonitorWorker to phMonitorSuper communication

    Supervisor

    Worker

    Inbound

    TCP/7900

    phMonitorSuper to phMonitorWorker Communication

    Worker

    Supervisor

    Outbound

    TCP/7918

    phQueryWorker to phQueryMaster Communication

    Supervisor

    Worker 5.3

    Inbound

    TCP/7916

    phQueryMaster to phQueryWorker communication

    Worker

    Supervisor

    Outbound

    TCP/7922

    phRuleWorker to phRuleMaster communication

    Worker

    Supervisor

    Outbound

    SSL/7922

    phRuleWorker to phRuleMaster communication

    Supervisor 5.3

    Worker

    Inbound

    TCP/7920

    phQueryMaster to phDataManager for trigger event query

    Worker

    Supervisor

    Outbound

    TCP/7934

    phReportWorker to phReportMaster Communication

    Worker

    Supervisor

    Outbound

    TCP/7938

    phIdentityWorker to phIpIdentityMaster

    Supervisor

    Worker

    Inbound

    TCP/6666

    Redis communication

    Worker

    External Device

    Outbound

    UDP/161

    SNMP based monitoring

    External Device

    Worker

    Inbound

    TCP/21

    FTP (for receiving Bluecoat logs via ftp)

    External Device

    Worker

    Inbound

    UDP/162

    SNMP Trap

    External Device

    Worker

    Inbound

    UDP/514

    UDP syslog

    External Device

    Worker

    Inbound

    TCP/514

    TCP syslog

    External Device

    Worker

    Inbound

    SSL/6514

    Syslog over TLS

    External Device

    Worker

    Inbound

    UDP/2055

    NetFlow

    Worker

    External Windows Devices

    Outbound

    TCP/135

    WMI based monitoring and log collection

    Worker

    External Devices

    Outbound

    TCP/389

    LDAP discovery

    Worker

    External Devices

    Outbound

    TCP/1433

    JDBC based monitoring and data collection

    Worker

    External Devices

    Outbound

    UDP/8686

    JMX based monitoring and data collection

    Worker

    Checkpoint

    Outbound

    TCP/18184

    Checkpoint LEA based log collection

    Worker

    Checkpoint

    Outbound

    TCP/18190

    Checkpoint CPMI based data collection

    Worker

    External Device

    Outbound

    TCP/443

    HTTPS based log collection

    Worker

    External Device

    Outbound

    TCP/110

    POP3 for email monitoring (STM)

    Worker

    External Device

    Outbound

    TCP/143

    IMAP for email monitoring (STM)

    Worker

    External Device

    Outbound

    TCP/993

    IMAP/SSL for email monitoring (STM)

    Worker

    External Device

    Outbound

    TCP/995

    POP/SSL for email monitoring (STM)

    Worker

    NFS Server

    Outbound

    UDP/111, TCP/111

    NFS Portmapper for writing events in NFS based deployments

    Worker

    Elasticsearch Coordinating Node

    Outbound

    HTTPS/9200 (configurable)

    Storing events for Elasticsearch based deployments

    Worker

    HDFS Name Node

    Outbound

    HTTPS/9000 (configurable)

    Archiving events for HDFS based deployments

    Collector Communication

    From

    To

    Inbound or Outbound

    Ports

    Services

    FortiSIEM Management User

    Collector

    Inbound

    TCP/22

    Admin access via SSH

    FortiSIEM Management User

    Collector

    Inbound

    ICMP

    ICMP

    Collector

    Collector

    Outbound

    TCP/443

    REST API access via HTTPS

    Collector

    Supervisor

    Outbound

    TCP/443

    REST API access via HTTPS

    Collector

    External Device

    Outbound

    UDP/161

    SNMP based monitoring

    External Device

    Collector

    Inbound

    TCP/21

    FTP (for receiving Bluecoat logs via ftp)

    External Device

    Collector

    Inbound

    UDP/162

    SNMP Trap

    External Device

    Collector

    Inbound

    UDP/514

    UDP syslog

    External Device

    Collector

    Inbound

    TCP/514

    TCP syslog

    External Device

    Collector

    Inbound

    SSL/6514

    Syslog over TLS

    External Device

    Collector

    Inbound

    UDP/2055

    NetFlow

    Collector

    External Windows Devices

    Outbound

    TCP/135

    WMI based monitoring and log collection

    Collector

    External Devices

    Outbound

    TCP/389

    LDAP discovery

    Collector

    External Devices

    Outbound

    TCP/1433

    JDBC based monitoring and data collection

    Collector

    External Devices

    Outbound

    UDP/8686

    JMX based monitoring and data collection

    Collector

    Checkpoint

    Outbound

    TCP/18184

    Checkpoint LEA based log collection

    Collector

    Checkpoint

    Outbound

    TCP/18190

    Checkpoint CPMI based data collection

    Collector

    External Device

    Outbound

    TCP/443

    HTTPS based log collection

    Collector

    External Device

    Outbound

    TCP/110

    POP3 for email monitoring (STM)

    Collector

    External Device

    Outbound

    TCP/143

    IMAP for email monitoring (STM)

    Collector

    External Device

    Outbound

    TCP/993

    IMAP/SSL for email monitoring (STM)

    Collector

    External Device

    Outbound

    TCP/995

    POP/SSL for email monitoring (STM)

    Previous
    Next

    FortiSIEM External Ports

    FortiSIEM External Ports

    This chapter describes the external communication ports needed for various FortiSIEM nodes to work. The ports are broken down for:

    Supervisor Communication

    From

    To

    Inbound or Outbound

    Ports

    Services

    FortiSIEM Management User

    Supervisor

    Inbound

    TCP/22

    Admin access via SSH

    FortiSIEM Management User

    Supervisor

    Inbound

    ICMP

    Monitoring via ICMP

    FortiSIEM Management User

    Supervisor

    Inbound

    TCP/443

    GUI access via HTTPS

    Collector, Worker, Windows Agent, Linux Agent

    Supervisor

    Inbound

    TCP/443

    REST API access via HTTPS

    Worker

    Supervisor

    Inbound

    TCP/5432

    PostGreSQL

    Supervisor

    Report Server

    Outbound

    TCP/5432

    PostGreSQL (report loading)

    Worker

    Supervisor

    Inbound

    TCP/7914

    phParser on Worker to phParser on Supervisor for EPS enforcement

    Worker

    Supervisor

    Inbound

    TCP/7900

    phMonitorWorker to phMonitorSuper communication

    Supervisor

    Worker

    Outbound

    TCP/7900

    phMonitorSuper to phMonitorWorker Communication

    Worker

    Supervisor

    Inbound

    TCP/7918

    phQueryWorker to phQueryMaster Communication

    Supervisor

    Worker

    Outbound

    TCP/7916

    phQueryMaster to phQueryWorker communication

    Worker

    Supervisor

    Inbound

    TCP/7922

    phRuleWorker to phRuleMaster communication

    Supervisor 5.3

    Worker

    Outbound

    TCP/7920

    phQueryMaster to phDataManager for trigger event query

    Worker

    Supervisor

    Inbound

    TCP/7934

    phReportWorker to phReportMaster Communication

    Worker

    Supervisor

    Inbound

    TCP/7938

    phIdentityWorker to phIpIdentityMaster

    Supervisor

    Worker

    Outbound

    TCP/6666

    Redis communication

    Supervisor

    External Device

    Outbound

    UDP/161

    SNMP based monitoring

    External Device

    Supervisor

    Inbound

    TCP/21

    FTP (for receiving Bluecoat logs via ftp)

    External Device

    Supervisor

    Inbound

    UDP/162

    SNMP Trap

    External Device

    Supervisor

    Inbound

    UDP/514

    UDP syslog

    External Device

    Supervisor

    Inbound

    TCP/514

    TCP syslog

    External Device

    Supervisor

    Inbound

    SSL/6514

    Syslog over TLS

    External Device

    Supervisor

    Inbound

    UDP/2055

    NetFlow

    Supervisor

    External Windows Devices

    Outbound

    TCP/135

    WMI based monitoring and log collection

    Supervisor

    External Devices

    Outbound

    TCP/389

    LDAP discovery

    Supervisor

    External Devices

    Outbound

    TCP/1433

    JDBC based monitoring and data collection

    Supervisor

    External Devices

    Outbound

    UDP/8686

    JMX based monitoring and data collection

    Supervisor

    Checkpoint

    Outbound

    TCP/18184

    Checkpoint LEA based log collection

    Supervisor

    Checkpoint

    Outbound

    TCP/18190

    Checkpoint CPMI based data collection

    Supervisor

    External Device

    Outbound

    TCP/443

    HTTPS based log collection

    Supervisor

    External Device

    Outbound

    TCP/110

    POP3 for email monitoring (STM)

    Supervisor

    External Device

    Outbound

    TCP/143

    IMAP for email monitoring (STM)

    Supervisor

    External Device

    Outbound

    TCP/993

    IMAP/SSL for email monitoring (STM)

    Supervisor

    External Device

    Outbound

    TCP/995

    POP/SSL for email monitoring (STM)

    Supervisor

    Mail Gateway

    Outbound

    TCP/SMTP

    Sending email notification

    Supervisor

    NFS Server

    Outbound

    UDP/111, TCP/111

    NFS Portmapper for writing events in NFS based deployments

    Supervisor

    Elasticsearch Coordinating Node

    Outbound

    HTTPS/9200 (configurable)

    Storing events for Elasticsearch based deployments

    Supervisor

    Elasticsearch Coordinating Node

    Outbound

    HTTPS/9300 or HTTPS/443 (configurable)

    Querying events for Elasticsearch based deployments

    Supervisor

    Spark Master Node

    Outbound

    HTTPS/7077 (configurable)

    Querying events for HDFS based deployments

    Supervisor

    HDFS Name Node

    Outbound

    HTTPS/9000 (configurable)

    Archiving events for HDFS based deployments

    Worker Communication

    From

    To

    Inbound or Outbound

    Ports

    Services

    FortiSIEM Management User

    Worker

    Inbound

    TCP/22

    Admin access via SSH

    FortiSIEM Management User

    Worker

    Inbound

    ICMP

    ICMP

    Collector

    Worker

    Inbound

    TCP/443

    REST API access via HTTPS

    Worker

    Supervisor

    Outbound

    TCP/5432

    PostGreSQL

    Worker

    Supervisor

    Outbound

    TCP/7914

    phParser on Worker to phParser on Supervisor for EPS enforcement

    Worker

    Supervisor

    Outbound

    TCP/7900

    phMonitorWorker to phMonitorSuper communication

    Supervisor

    Worker

    Inbound

    TCP/7900

    phMonitorSuper to phMonitorWorker Communication

    Worker

    Supervisor

    Outbound

    TCP/7918

    phQueryWorker to phQueryMaster Communication

    Supervisor

    Worker 5.3

    Inbound

    TCP/7916

    phQueryMaster to phQueryWorker communication

    Worker

    Supervisor

    Outbound

    TCP/7922

    phRuleWorker to phRuleMaster communication

    Worker

    Supervisor

    Outbound

    SSL/7922

    phRuleWorker to phRuleMaster communication

    Supervisor 5.3

    Worker

    Inbound

    TCP/7920

    phQueryMaster to phDataManager for trigger event query

    Worker

    Supervisor

    Outbound

    TCP/7934

    phReportWorker to phReportMaster Communication

    Worker

    Supervisor

    Outbound

    TCP/7938

    phIdentityWorker to phIpIdentityMaster

    Supervisor

    Worker

    Inbound

    TCP/6666

    Redis communication

    Worker

    External Device

    Outbound

    UDP/161

    SNMP based monitoring

    External Device

    Worker

    Inbound

    TCP/21

    FTP (for receiving Bluecoat logs via ftp)

    External Device

    Worker

    Inbound

    UDP/162

    SNMP Trap

    External Device

    Worker

    Inbound

    UDP/514

    UDP syslog

    External Device

    Worker

    Inbound

    TCP/514

    TCP syslog

    External Device

    Worker

    Inbound

    SSL/6514

    Syslog over TLS

    External Device

    Worker

    Inbound

    UDP/2055

    NetFlow

    Worker

    External Windows Devices

    Outbound

    TCP/135

    WMI based monitoring and log collection

    Worker

    External Devices

    Outbound

    TCP/389

    LDAP discovery

    Worker

    External Devices

    Outbound

    TCP/1433

    JDBC based monitoring and data collection

    Worker

    External Devices

    Outbound

    UDP/8686

    JMX based monitoring and data collection

    Worker

    Checkpoint

    Outbound

    TCP/18184

    Checkpoint LEA based log collection

    Worker

    Checkpoint

    Outbound

    TCP/18190

    Checkpoint CPMI based data collection

    Worker

    External Device

    Outbound

    TCP/443

    HTTPS based log collection

    Worker

    External Device

    Outbound

    TCP/110

    POP3 for email monitoring (STM)

    Worker

    External Device

    Outbound

    TCP/143

    IMAP for email monitoring (STM)

    Worker

    External Device

    Outbound

    TCP/993

    IMAP/SSL for email monitoring (STM)

    Worker

    External Device

    Outbound

    TCP/995

    POP/SSL for email monitoring (STM)

    Worker

    NFS Server

    Outbound

    UDP/111, TCP/111

    NFS Portmapper for writing events in NFS based deployments

    Worker

    Elasticsearch Coordinating Node

    Outbound

    HTTPS/9200 (configurable)

    Storing events for Elasticsearch based deployments

    Worker

    HDFS Name Node

    Outbound

    HTTPS/9000 (configurable)

    Archiving events for HDFS based deployments

    Collector Communication

    From

    To

    Inbound or Outbound

    Ports

    Services

    FortiSIEM Management User

    Collector

    Inbound

    TCP/22

    Admin access via SSH

    FortiSIEM Management User

    Collector

    Inbound

    ICMP

    ICMP

    Collector

    Collector

    Outbound

    TCP/443

    REST API access via HTTPS

    Collector

    Supervisor

    Outbound

    TCP/443

    REST API access via HTTPS

    Collector

    External Device

    Outbound

    UDP/161

    SNMP based monitoring

    External Device

    Collector

    Inbound

    TCP/21

    FTP (for receiving Bluecoat logs via ftp)

    External Device

    Collector

    Inbound

    UDP/162

    SNMP Trap

    External Device

    Collector

    Inbound

    UDP/514

    UDP syslog

    External Device

    Collector

    Inbound

    TCP/514

    TCP syslog

    External Device

    Collector

    Inbound

    SSL/6514

    Syslog over TLS

    External Device

    Collector

    Inbound

    UDP/2055

    NetFlow

    Collector

    External Windows Devices

    Outbound

    TCP/135

    WMI based monitoring and log collection

    Collector

    External Devices

    Outbound

    TCP/389

    LDAP discovery

    Collector

    External Devices

    Outbound

    TCP/1433

    JDBC based monitoring and data collection

    Collector

    External Devices

    Outbound

    UDP/8686

    JMX based monitoring and data collection

    Collector

    Checkpoint

    Outbound

    TCP/18184

    Checkpoint LEA based log collection

    Collector

    Checkpoint

    Outbound

    TCP/18190

    Checkpoint CPMI based data collection

    Collector

    External Device

    Outbound

    TCP/443

    HTTPS based log collection

    Collector

    External Device

    Outbound

    TCP/110

    POP3 for email monitoring (STM)

    Collector

    External Device

    Outbound

    TCP/143

    IMAP for email monitoring (STM)

    Collector

    External Device

    Outbound

    TCP/993

    IMAP/SSL for email monitoring (STM)

    Collector

    External Device

    Outbound

    TCP/995

    POP/SSL for email monitoring (STM)

    Previous
    Next