Required services and ports
You must ensure that the required ports and services are enabled for use by FortiClient and its associated applications on your server. These ports and services enable FortiClient to communicate with servers running associated applications.

| Communication | Usage | Protocol | Port | Incoming/Outgoing | How to customize |
|---|---|---|---|---|---|
| FortiClient Telemetry | Endpoint management (FortiClient EMS) and/or compliance enforcement (FortiGate) | TCP | 8013 | Outgoing | GUI |
| FortiClient upload | Used for FortiClient to upload logs and diagnostics to the EMS server | TCP | 8014 | Outgoing | N/A |
| SYSLOG | Upload logs to syslog server | UDP | 514 | Outgoing | N/A |
| FortiSandbox | Send files to FortiSandbox for analysis | TCP | 514 | Outgoing | N/A |
| Remote access - SSL VPN | Establish VPN connection to FortiGate | TCP | 443 (default) | Outgoing | GUI |
| FortiAnalyzer/FortiManager | Upload logs to FortiAnalyzer or FortiManager. FortiClient must connect to FortiGate or EMS to send logs to FortiAnalyzer or FortiManager. | TCP | 514 | Outgoing | N/A |
| Remote access - IPsec VPN | Establish VPN connection to FortiGate | UDP | IKE 500, ESP (IP 50), NAT-T 4500 | Outgoing | N/A |
| FortiAuthenticator/FortiGate | Single Sign On mobility agent, FSSO | TCP | 8001 (default) | Outgoing | GUI |
| FortiGuard | URL rating | UDP | 8888 (default) | Outgoing | Change to port 53 via XML config file |
| FortiGuard | Antivirus/vulnerability signatures update | TCP | 80 | Outgoing | N/A |
| FortiGuard | Cloud-based behavior scan (CBBS)/applications that use cloud services | TCP | 80 | Outgoing | N/A |
| FortiManager | Use a FortiManager device for FortiClient software and signature updates | TCP | 80 (default) | Outgoing | GUI |
| SMTP/FortiGuard | Virus submission | TCP | 25 | Outgoing | N/A |

For the list of required services and ports for FortiClient EMS, see the FortiClient EMS Administration Guide on the Fortinet Document Library.