Incoming Ports
The following table identifies the incoming ports for FortiAuthenticator and how the ports interact with other products:
Product |
Purpose |
Protocol and Port |
---|---|---|
FortiAuthenticator
|
(HA) HA heartbeat |
UDP/720 |
(LB secondary) LB secondary sync |
UDP/721, UDP/1194 |
|
FSSO tiered architecture |
TCP/8003 |
|
FortiGate
|
LDAP, PKI Authentication |
TCP or UDP/389 |
RADIUS |
UDP/1812 |
|
RADIUS Accounting |
UDP/1813, UDP/1646 |
|
SCEP |
TCP/80, TCP/443 |
|
CRL download |
TCP/80 |
|
External captive portal |
TCP/443 |
|
TACACS+ |
TCP/49 |
|
FortiToken Mobile
|
Push approve/deny |
TCP/443 |
FTM device transfer |
TCP/443 |
|
Others
|
SSH CLI |
TCP/22 |
Telnet |
TCP/23 |
|
HTTP & SCEP |
TCP/80 |
|
SNMP Poll |
UDP/161 |
|
Web Admin |
TCP/80, TCP/443 |
|
LDAP |
TCP/389, TCP/3268 |
|
LDAPS |
TCP/636, TCP/3269 |
|
RADIUS |
UDP/1812, UDP/1813 |
|
OCSP |
TCP/2560 |
|
Syslog |
UDP/514 |
|
SAML |
TCP/443 |
|
OAuth |
TCP/443 |
|
TACACS+ |
TCP/49 |
|
RADSEC |
TCP/2083 |
|
3rd-Party Servers
|
FortiAuthenticator Windows/OWA Agent |
TCP/443 |
FSSO DC Agent |
UDP/8002, TCP/8002 |
|
FSSO TS Agent |
UDP/8002, TCP/8002 |