Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Appendix A: Port numbers

Communications between the FortiWeb appliance, clients, protected web servers, and FortiGuard Distribution Network (FDN) require that any routers and firewalls between them permit specific protocols and port numbers.

The following tables list the default port assignments used by FortiWeb.

Port Protocol Purpose
N/A ARP/NS HA failover of network interfaces. For details, see HA heartbeat.
N/A ICMP

Server health checks. For details, see Configuring server up/down checks.

execute ping and execute traceroute. See the FortiWeb CLI Reference (https://docs.fortinet.com/document/fortiweb/).

21 TCP

Anti-defacement backup and restoration (FTP). For details, see Anti-defacement.

FTP configuration backup. For details, see To back up the configuration via the web UI to an FTP/SFTP server.

22 TCP

Anti-defacement backup and restoration (SSH/SCP). For details, see Anti-defacement.

SFTP configuration backup. For details, see To back up the configuration via the web UI to an FTP/SFTP server.

25 TCP SMTP for alert email. For details, see Configuring email settings.
53 UDP DNS queries. For details, see Configuring DNS settings.
69 UDP TFTP for backups, restoration, and firmware updates. See commands such as execute backup or execute restore in the FortiWeb CLI Reference (https://docs.fortinet.com/document/fortiweb/).
80 TCP Server health checks. For details, see Configuring server up/down checks.
123 UDP NTP synchronization. For details, see Setting the system time & date.
137, 138, 139 UDP Anti-defacement backup and restoration (Windows-style share). For details, see Anti-defacement.
162 UDP SNMP traps. For details, see SNMP traps & queries.
389 TCP LDAP authentication queries. For details, see Configuring an LDAP server.
443 TCP

FortiGuard service polling and update downloads. For details, see Connecting to FortiGuard services.

Server health checks. For details, see Configuring server up/down checks.

445 TCP

NTLM authentication queries. For details, see Configuring an NTLM server.

Anti-defacement backup and restoration (Windows-style share). For details, see Anti-defacement.

514 UDP Syslog. For details, see Configuring logging.
636 TCP LDAPS authentication queries. For details, see Configuring an LDAP server.
1812 UDP RADIUS authentication queries. For details, see Configuring a RADIUS server.
6010 TCP HA configuration synchronization. For details, see HA heartbeat.
6055 Proprietary protocol HA heartbeat. Layer 2 multicast. For details, see HA heartbeat.
955 TCP Configuration replication. For details, see Replicating the configuration without FortiWeb HA (external HA).
Default ports used by FortiWeb for incoming traffic (listening)
Port Protocol Purpose
N/A ICMP ping and traceroute responses. For details, see Configuring the network interfaces.
22 TCP SSH administrative CLI access. For details, see Configuring the network interfaces.
23 TCP

Telnet administrative CLI access. For details, see Configuring the network interfaces.

Note that Telnet access is not allowed on all of the network interfaces by default for security reasons.

80 TCP

HTTP administrative web UI access. For details, see Configuring the network interfaces and How to use the web UI.

Predefined HTTP service. Only occurs if the service is used by a policy. For details, see Predefined services.

161 UDP SNMP queries. For details, see Configuring an SNMP community and Configuring the network interfaces.
443 TCP

HTTPS administrative web UI access. Only occurs if the destination address is a network interface’s IP address. For details, see Configuring the network interfaces and How to use the web UI.

Predefined HTTPS service. Only occurs if the service is used by a policy, and if the destination address is a virtual server or bridged connection. For details, see Predefined services.

8333 TCP Configuration replication. For details, see Replicating the configuration without FortiWeb HA (external HA).
6055 UDP HA heartbeat. Layer 2 multicast. For details, see HA heartbeat.
6056 UDP HA configuration synchronization. Layer 2 multicast. For details, see HA heartbeat.

Appendix A: Port numbers

Communications between the FortiWeb appliance, clients, protected web servers, and FortiGuard Distribution Network (FDN) require that any routers and firewalls between them permit specific protocols and port numbers.

The following tables list the default port assignments used by FortiWeb.

Port Protocol Purpose
N/A ARP/NS HA failover of network interfaces. For details, see HA heartbeat.
N/A ICMP

Server health checks. For details, see Configuring server up/down checks.

execute ping and execute traceroute. See the FortiWeb CLI Reference (https://docs.fortinet.com/document/fortiweb/).

21 TCP

Anti-defacement backup and restoration (FTP). For details, see Anti-defacement.

FTP configuration backup. For details, see To back up the configuration via the web UI to an FTP/SFTP server.

22 TCP

Anti-defacement backup and restoration (SSH/SCP). For details, see Anti-defacement.

SFTP configuration backup. For details, see To back up the configuration via the web UI to an FTP/SFTP server.

25 TCP SMTP for alert email. For details, see Configuring email settings.
53 UDP DNS queries. For details, see Configuring DNS settings.
69 UDP TFTP for backups, restoration, and firmware updates. See commands such as execute backup or execute restore in the FortiWeb CLI Reference (https://docs.fortinet.com/document/fortiweb/).
80 TCP Server health checks. For details, see Configuring server up/down checks.
123 UDP NTP synchronization. For details, see Setting the system time & date.
137, 138, 139 UDP Anti-defacement backup and restoration (Windows-style share). For details, see Anti-defacement.
162 UDP SNMP traps. For details, see SNMP traps & queries.
389 TCP LDAP authentication queries. For details, see Configuring an LDAP server.
443 TCP

FortiGuard service polling and update downloads. For details, see Connecting to FortiGuard services.

Server health checks. For details, see Configuring server up/down checks.

445 TCP

NTLM authentication queries. For details, see Configuring an NTLM server.

Anti-defacement backup and restoration (Windows-style share). For details, see Anti-defacement.

514 UDP Syslog. For details, see Configuring logging.
636 TCP LDAPS authentication queries. For details, see Configuring an LDAP server.
1812 UDP RADIUS authentication queries. For details, see Configuring a RADIUS server.
6010 TCP HA configuration synchronization. For details, see HA heartbeat.
6055 Proprietary protocol HA heartbeat. Layer 2 multicast. For details, see HA heartbeat.
955 TCP Configuration replication. For details, see Replicating the configuration without FortiWeb HA (external HA).
Default ports used by FortiWeb for incoming traffic (listening)
Port Protocol Purpose
N/A ICMP ping and traceroute responses. For details, see Configuring the network interfaces.
22 TCP SSH administrative CLI access. For details, see Configuring the network interfaces.
23 TCP

Telnet administrative CLI access. For details, see Configuring the network interfaces.

Note that Telnet access is not allowed on all of the network interfaces by default for security reasons.

80 TCP

HTTP administrative web UI access. For details, see Configuring the network interfaces and How to use the web UI.

Predefined HTTP service. Only occurs if the service is used by a policy. For details, see Predefined services.

161 UDP SNMP queries. For details, see Configuring an SNMP community and Configuring the network interfaces.
443 TCP

HTTPS administrative web UI access. Only occurs if the destination address is a network interface’s IP address. For details, see Configuring the network interfaces and How to use the web UI.

Predefined HTTPS service. Only occurs if the service is used by a policy, and if the destination address is a virtual server or bridged connection. For details, see Predefined services.

8333 TCP Configuration replication. For details, see Replicating the configuration without FortiWeb HA (external HA).
6055 UDP HA heartbeat. Layer 2 multicast. For details, see HA heartbeat.
6056 UDP HA configuration synchronization. Layer 2 multicast. For details, see HA heartbeat.