FortiAuthenticator open ports

Copy Link

Copy Doc ID 23a6ef88-6864-11ea-9384-00505692583a:603986

Download PDF

FortiAuthenticator open ports

Incoming ports
Purpose		Protocol/Port
FortiAuthenticator	Load-balancing HA secondary	UDP/721, UDP/1194
	Redundant HA cluster	UDP/720
	FSSO tiered architecture	TCP/8003
FortiClient	SSO Mobility Agent, FSSO	TCP/8001 (by default; this port can be customized)
FortiGate	LDAP, PKI Authentication	TCP or UDP/389
	RADIUS	UDP/1812
	FSSO	TCP/8000
	RADIUS Accounting	UDP/1813, UDP/1646
	SCEP	TCP/80, TCP/443
	CRL download	TCP/80
	External captive portal	TCP/443
FortiToken Mobile	Push approve/deny	TCP/443
FortiToken Mobile	FTM device transfer	TCP/443
Others	SSH CLI	TCP/22
	Telnet	TCP/23
	HTTP & SCEP	TCP/80
	SNMP Poll	UDP/161
	Web Admin	TCP/80, TCP/443
	LDAP	TCP/389, TCP/3268
	LDAPS	TCP/636, TCP/3269
	RADIUS	UDP/1812, UDP/1813
	OCSP	TCP/2560
	Syslog	UDP/514
	SAML	TCP/443
	OAuth	TCP/443
3rd-Party Servers	FSSO DC/TS agents	TCP/8002
3rd-Party Servers	FortiAuthenticator Windows/OWA agent	TCP/443

Outgoing ports
Purpose		Protocol/Port
FortiAuthenticator	(HA) HA heartbeat	UDP/720
	(LB secondary) LB secondary sync	UDP/721, UDP/1194
	FSSO tiered architecture	TCP/8003
FortiGate	Policy Authentication through Captive Portal	TCP/1000
FortiGate	RADIUS disconnect	TCP/1700
FortiGuard	FortiToken hardware seed retrieval	TCP/443
	FortiToken Mobile activation, provisioning, and transfer	TCP/443
	FortiToken Cloud communication	TCP/8686
	FortiGuard SMS	TCP/443
	FortiToken Mobile push proxy service (FAC 6.1.1 and later)	TCP/443
	FortiToken Mobile Apple push servers (FAC 6.1.0 and earlier)	TCP/5223, TCP/2195, TCP/2196
	FortiToken Mobile Google push servers (FAC 6.1.0 and earlier)	TCP/443
3rd-Party Servers	SMTP	TCP/25
	DNS	UDP/53
	Windows AD	TCP/88
	NTP	UDP/123
	LDAP	TCP/389, TCP/3268
	Domain Control	TCP/445
	LDAPS	TCP/636, TCP/3269
	FSSO tiered architecture	TCP/5003
	FTP/SFTP configuration and logs backup	TCP/21, TCP/22
	SMS HTTP/HTTPS gateways	TCP/80, TCP/443
	OAuth	TCP/443
	CRL download	TCP/80, TCP/443
FortiNAC	FSSO	TCP/8000
FortiAnalyzer	Logging	UDP/514

Incoming ports
FortiAuthenticator	Load-balancing HA secondary	UDP/721, UDP/1194
Redundant HA cluster	UDP/720
FSSO tiered architecture	TCP/8003
FortiClient	SSO Mobility Agent, FSSO	TCP/8001 (by default; this port can be customized)
FortiGate	LDAP, PKI Authentication	TCP or UDP/389
RADIUS	UDP/1812
FSSO	TCP/8000
RADIUS Accounting	UDP/1813, UDP/1646
SCEP	TCP/80, TCP/443
CRL download	TCP/80
External captive portal	TCP/443
FortiToken Mobile	Push approve/deny	TCP/443
FTM device transfer	TCP/443
Others	SSH CLI	TCP/22
Telnet	TCP/23
HTTP & SCEP	TCP/80
SNMP Poll	UDP/161
Web Admin	TCP/80, TCP/443
LDAP	TCP/389, TCP/3268
LDAPS	TCP/636, TCP/3269
RADIUS	UDP/1812, UDP/1813
OCSP	TCP/2560
Syslog	UDP/514
SAML	TCP/443
OAuth	TCP/443
3rd-Party Servers	FSSO DC/TS agents	TCP/8002
FortiAuthenticator Windows/OWA agent	TCP/443

Incoming ports

Purpose

Protocol/Port

FortiAuthenticator

Load-balancing HA secondary

UDP/721, UDP/1194

Redundant HA cluster

UDP/720

FSSO tiered architecture

TCP/8003

FortiClient

SSO Mobility Agent, FSSO

TCP/8001 (by default; this port can be customized)

FortiGate

LDAP, PKI Authentication

TCP or UDP/389

RADIUS

UDP/1812

FSSO

TCP/8000

RADIUS Accounting

UDP/1813, UDP/1646

SCEP

TCP/80, TCP/443

CRL download

TCP/80

External captive portal

TCP/443

FortiToken Mobile

Push approve/deny

TCP/443

FTM device transfer

TCP/443

Others

SSH CLI

TCP/22

Telnet

TCP/23

HTTP & SCEP

TCP/80

SNMP Poll

UDP/161

Web Admin

TCP/80, TCP/443

LDAP

TCP/389, TCP/3268

LDAPS

TCP/636, TCP/3269

RADIUS

UDP/1812, UDP/1813

OCSP

TCP/2560

Syslog

UDP/514

SAML

TCP/443

OAuth

TCP/443

3rd-Party Servers

FSSO DC/TS agents

TCP/8002

FortiAuthenticator Windows/OWA agent

TCP/443

Outgoing ports
FortiAuthenticator	(HA) HA heartbeat	UDP/720
(LB secondary) LB secondary sync	UDP/721, UDP/1194
FSSO tiered architecture	TCP/8003
FortiGate	Policy Authentication through Captive Portal	TCP/1000
RADIUS disconnect	TCP/1700
FortiGuard	FortiToken hardware seed retrieval	TCP/443
FortiToken Mobile activation, provisioning, and transfer	TCP/443
FortiToken Cloud communication	TCP/8686
FortiGuard SMS	TCP/443
FortiToken Mobile push proxy service (FAC 6.1.1 and later)	TCP/443
FortiToken Mobile Apple push servers (FAC 6.1.0 and earlier)	TCP/5223, TCP/2195, TCP/2196
FortiToken Mobile Google push servers (FAC 6.1.0 and earlier)	TCP/443
3rd-Party Servers	SMTP	TCP/25
DNS	UDP/53
Windows AD	TCP/88
NTP	UDP/123
LDAP	TCP/389, TCP/3268
Domain Control	TCP/445
LDAPS	TCP/636, TCP/3269
FSSO tiered architecture	TCP/5003
FTP/SFTP configuration and logs backup	TCP/21, TCP/22
SMS HTTP/HTTPS gateways	TCP/80, TCP/443
OAuth	TCP/443
CRL download	TCP/80, TCP/443
FortiNAC	FSSO	TCP/8000
FortiAnalyzer	Logging	UDP/514

Outgoing ports

Purpose

Protocol/Port

FortiAuthenticator

(HA) HA heartbeat

UDP/720

(LB secondary) LB secondary sync

UDP/721, UDP/1194

FSSO tiered architecture

TCP/8003

FortiGate

Policy Authentication through Captive Portal

TCP/1000

RADIUS disconnect

TCP/1700

FortiGuard

FortiToken hardware seed retrieval

TCP/443

FortiToken Mobile activation, provisioning, and transfer

TCP/443

FortiToken Cloud communication

TCP/8686

FortiGuard SMS

TCP/443

FortiToken Mobile push proxy service (FAC 6.1.1 and later)

TCP/443

FortiToken Mobile Apple push servers (FAC 6.1.0 and earlier)

TCP/5223, TCP/2195, TCP/2196

FortiToken Mobile Google push servers (FAC 6.1.0 and earlier)

TCP/443

3rd-Party Servers

SMTP

TCP/25

DNS

UDP/53

Windows AD

TCP/88

NTP

UDP/123

LDAP

TCP/389, TCP/3268

Domain Control

TCP/445

LDAPS

TCP/636, TCP/3269

FSSO tiered architecture

TCP/5003

FTP/SFTP configuration and logs backup

TCP/21, TCP/22

SMS HTTP/HTTPS gateways

TCP/80, TCP/443

OAuth

TCP/443

CRL download

TCP/80, TCP/443

FortiNAC

FSSO

TCP/8000

FortiAnalyzer

Logging

UDP/514

Ports and Protocols

FortiAuthenticator open ports

FortiAuthenticator open ports

FortiAuthenticator open ports