Fortinet Document Library

Version: 6.0.0

Opening ports in the security group

When you deploy FortiGate, you can select a predefined security group that is based on Fortinet's recommendation. The predefined security group allows the following ports, which cover immediate and near-future needs.

 

| Direction | Protocol/ports | Purpose |
|---|---|---|
| Incoming | TCP 22 | SSH |
| Incoming | TCP 80 | HTTP |
| Incoming | TCP 443 | HTTPS, management GUI access to FortiGate |
| Incoming | TCP 541 | Management by FortiManager located outside AWS |
| Incoming | TCP 3000 | Not immediately required, but typically used for incoming access to web servers, and so on |
| Incoming | TCP 8080 | |
| Outgoing | Any | |

 

FortiGate-specific open ports are explained in Fortinet Communication Ports and Protocols.

To configure the strictest incoming access, allow only TCP 443, which is used to reach the FortiGate GUI console as described in Connecting to the FortiGate, and close all other ports. You may also allow ICMP for pinging, and so on, as needed.
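One way to check a security group against the bare-minimum policy described above, as an added example that is not Fortinet's code: it reads rules in the JSON shape returned by `aws ec2 describe-security-groups` and lists every ingress rule other than TCP 443. The function name, the sample group ID and the sample addresses are constructed for illustration.

```python
import json

# Ports the predefined security group opens, taken from the table on this page.
PREDEFINED = {22, 80, 443, 541, 3000, 8080}

def audit_ingress(group, allow_icmp=False):
    """List ingress rules that exceed the bare-minimum policy (TCP 443 only)."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = any(c in ("0.0.0.0/0", "::/0") for c in cidrs)
        if proto == "tcp" and lo == hi == 443:
            continue  # the one rule the strict policy keeps
        if proto in ("icmp", "icmpv6") and allow_icmp:
            continue  # optional, as the page notes for pinging
        if proto == "-1":
            what = "all protocols, all ports"
        elif lo is None or proto in ("icmp", "icmpv6"):
            what = proto
        else:
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            what = f"{proto} {ports}"
            if proto == "tcp" and lo == hi and lo in PREDEFINED:
                what += " (predefined)"
        # world_open tells the reviewer whether the rule is reachable from any address
        findings.append({"rule": what, "world_open": world})
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""{"GroupId": "sg-EXAMPLE", "IpPermissions": [
 {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
 {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
  "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
 {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
 {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
  "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}
]}""")

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE, allow_icmp=True):
        print(finding)
```

An empty result means the group already matches the strict policy; each finding names a rule to close or to justify.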
