
AWS Administration Guide

Opening ports in the security group

By default, when you deploy FortiGate-VM, there is a predefined security group that you can select based on Fortinet's recommendation. The predefined security group allows the following ports, which cover immediate and near-future needs.

| Protocol/ports | Purpose |
|---|---|
| Incoming | |
| TCP 22 | SSH |
| TCP 80 | HTTP |
| TCP 443 | HTTPS, management GUI access to the FortiGate-VM |
| TCP 541 | Management by FortiManager located outside AWS |
| TCP 3000, TCP 8080 | Not immediately required, but typically used for incoming access to web servers, and so on |
| Outgoing | |
| Any | |

FortiOS Ports explains FortiGate-specific open ports.

To configure bare-minimum access with the strictest incoming rules, allow only TCP 443 for access to the FortiGate-VM GUI console, as described in Connecting to the FortiGate-VM, and close all other ports. You may want to allow ICMP for pinging, and so on, as needed.
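The following audit is an added example, not part of the Fortinet guide: it checks a security group's ingress rules against the bare-minimum policy above (TCP 443 only, ICMP optional) and lists every rule that should be closed. The rule dictionaries follow the `IpPermissions` shape returned by the EC2 DescribeSecurityGroups API; the function names, the sample group and its `0.0.0.0/0` source are constructed for illustration.

```python
"""Audit security group ingress against the bare-minimum policy (TCP 443 only)."""

MGMT_PORT = 443  # HTTPS GUI access to the FortiGate-VM


def rule_label(rule):
    """Human-readable protocol/port label for one IpPermissions entry."""
    proto = rule["IpProtocol"]
    if proto == "-1":
        return "all traffic"
    if proto in ("icmp", "icmpv6"):
        return proto
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def audit_ingress(ip_permissions, allow_icmp=False):
    """Return (label, sources) for every ingress rule beyond the minimum."""
    findings = []
    for rule in ip_permissions:
        proto = rule["IpProtocol"]
        if proto == "tcp" and rule.get("FromPort") == rule.get("ToPort") == MGMT_PORT:
            continue  # the one port the bare-minimum policy keeps open
        if proto in ("icmp", "icmpv6") and allow_icmp:
            continue  # ICMP is tolerated only when explicitly requested
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        findings.append((rule_label(rule), sources))
    return findings


def tcp_rule(port, cidr="0.0.0.0/0"):  # source CIDR is a constructed value
    """Build a single-port TCP rule in IpPermissions form (hypothetical helper)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}


# Constructed sample: the incoming ports of the predefined group listed above.
PREDEFINED = [tcp_rule(p) for p in (22, 80, 443, 541, 3000, 8080)]

if __name__ == "__main__":
    for label, sources in audit_ingress(PREDEFINED):
        print(f"close {label} (open to {', '.join(sources)})")
```

To audit a live group, pass the `IpPermissions` list from a boto3 `describe_security_groups` response instead of `PREDEFINED`.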
