Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Required services and ports

You must ensure required port and services are enabled for use by FortiClient and its associated applications on your server. The required ports and services enable FortiClient to communicate with servers running associated applications.

Communication

Usage

Protocol

Port

Incoming/Outgoing

How to customize

FortiClient Telemetry

Endpoint management (EMS) and/or compliance enforcement (FortiGate)

TCP

8013

Outgoing

GUI

SYSLOG

Upload logs to syslog server

UDP

514

Outgoing

N/A

FortiSandbox

Send files to FortiSandbox for analysis

TCP

514

Outgoing

N/A

Remote access - SSL VPN

Establish VPN connection to FortiGate

TCP

443 (default)

Outgoing

GUI

FortiAnalyzer/FortiManager

Upload logs to FortiAnalyzer or FortiManager. FortiClient must connect to FortiGate or EMS to send logs to FortiAnalyzer or FortiManager.

TCP

514

Outgoing

N/A

Remote access - IPsec VPN

Establish VPN connection to FortiGate

UDP

IKE 500 ESP (IP 50) NAT-T 4500

Outgoing

N/A

FortiAuthenticator/FortiGate

Single Sign On mobility agent, FSSO

TCP

8001 (default)

Outgoing

GUI

FortiGuard

URL rating

UDP

8888 (default)

Outgoing

Change to port 53 via XML config file

AV/vulnerability signatures update

TCP

80

Outgoing

N/A

Cloud-based behavior scan (CBBS)/applications that use cloud services

TCP

80

Outgoing

N/A

FortiManager

Use a FortiManager device for FortiClient software and signature updates

TCP

80 (default)

Outgoing

GUI

SMTP/FortiGuard

Virus submission

TCP

25

Outgoing

N/A

note icon

For the list of required services and ports for EMS, see the FortiClient EMS Administration Guide.

Required services and ports

You must ensure required port and services are enabled for use by FortiClient and its associated applications on your server. The required ports and services enable FortiClient to communicate with servers running associated applications.

Communication

Usage

Protocol

Port

Incoming/Outgoing

How to customize

FortiClient Telemetry

Endpoint management (EMS) and/or compliance enforcement (FortiGate)

TCP

8013

Outgoing

GUI

SYSLOG

Upload logs to syslog server

UDP

514

Outgoing

N/A

FortiSandbox

Send files to FortiSandbox for analysis

TCP

514

Outgoing

N/A

Remote access - SSL VPN

Establish VPN connection to FortiGate

TCP

443 (default)

Outgoing

GUI

FortiAnalyzer/FortiManager

Upload logs to FortiAnalyzer or FortiManager. FortiClient must connect to FortiGate or EMS to send logs to FortiAnalyzer or FortiManager.

TCP

514

Outgoing

N/A

Remote access - IPsec VPN

Establish VPN connection to FortiGate

UDP

IKE 500 ESP (IP 50) NAT-T 4500

Outgoing

N/A

FortiAuthenticator/FortiGate

Single Sign On mobility agent, FSSO

TCP

8001 (default)

Outgoing

GUI

FortiGuard

URL rating

UDP

8888 (default)

Outgoing

Change to port 53 via XML config file

AV/vulnerability signatures update

TCP

80

Outgoing

N/A

Cloud-based behavior scan (CBBS)/applications that use cloud services

TCP

80

Outgoing

N/A

FortiManager

Use a FortiManager device for FortiClient software and signature updates

TCP

80 (default)

Outgoing

GUI

SMTP/FortiGuard

Virus submission

TCP

25

Outgoing

N/A

note icon

For the list of required services and ports for EMS, see the FortiClient EMS Administration Guide.