Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • EMS Administration Guide

    Home FortiClient 6.0.5 EMS Administration Guide
    6.0.5
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.9
    6.4.8
    6.4.7
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.8
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    Required services and ports

    Required services and ports

    You must ensure required ports and services are enabled for use by FortiClient EMS and its associated applications on your server. The required ports and services enable FortiClient EMS to communicate with endpoints and servers running associated applications. You do not need to enable ports 8013 and 10443 as the FortiClient EMS installation opens these.

    Communication

    Usage

    Protocol

    Port

    Incoming/Outgoing

    How to customize

    FortiClient Telemetry

    FortiClient endpoint management

    TCP

    8013 (default)

    Incoming

    Installer/GUI

    Samba (SMB) service

    FortiClient EMS uses the SMB service during FortiClient initial deployment.

    TCP

    445

    Outgoing

    N/A

    Distributed Computing Environment / Remote Procedure Calls (DCE- RPC)

    The EMS server connects to endpoints using RPC for FortiClient initial deployment.

    TCP

    135

    Outgoing

    N/A

    Active Directory server connection

    Retrieving workstation and user information

    TCP

    389 (LDAP) or

    636 (LDAPS)

    Outgoing

    GUI

    FortiClient download

    Downloading FortiClient installer created by the EMS server

    TCP

    10443 (default)

    Incoming

    Installer

    Apache/HTTPS

    Web access to EMS

    TCP

    443

    Incoming

    Installer

    FortiGuard

    FortiGuard antivirus, vulnerability, and application version updates

    TCP

    80

    Outgoing

    N/A

    SMTP server/email

    Alerts for EMS and endpoint events. When an alert is triggered, an email notification is sent

    TCP

    25 (default)

    Outgoing

    GUI

    FortiClient endpoint probing

    FortiClient EMS uses ICMP for endpoint probing during FortiClient initial deployment.

    ICMP

    N/A

    Outgoing

    N/A

    The following ports and services are only applicable when using FortiClient EMS to manage Chromebooks:

    Communication

    Usage

    Protocol

    Port

    Incoming/Outgoing

    How to customize

    FortiClient on Chrome OS

    Connection to EMS

    TCP

    8443 (default)

    You can customize this port.

    Incoming

    GUI

    G suite API/Google domain directory

    API calls to retrieve Google domain information

    TCP

    443

    Outgoing

    N/A

    The following ports and services should be enabled for use on Chromebooks when using FortiClient for Chromebooks:

    Communication

    Usage

    Protocol

    Port

    Incoming/Outgoing

    How to customize

    FortiClient EMS

    Connection to profile server

    TCP

    8443 (default)

    Outgoing

    Via Google Admin console when adding the profile

    FortiGuard

    URL rating

    TCP

    443, 3400

    Outgoing

    N/A

    FortiAnalyzer

    Send logs to FortiAnalyzer

    TCP

    8443

    Outgoing

    N/A
    note icon

    For the list of required services and ports for FortiClient, see the FortiClient Administration Guide on the Fortinet Document Library.
    Previous
    Next

    Required services and ports

    Required services and ports

    You must ensure required ports and services are enabled for use by FortiClient EMS and its associated applications on your server. The required ports and services enable FortiClient EMS to communicate with endpoints and servers running associated applications. You do not need to enable ports 8013 and 10443 as the FortiClient EMS installation opens these.

    Communication

    Usage

    Protocol

    Port

    Incoming/Outgoing

    How to customize

    FortiClient Telemetry

    FortiClient endpoint management

    TCP

    8013 (default)

    Incoming

    Installer/GUI

    Samba (SMB) service

    FortiClient EMS uses the SMB service during FortiClient initial deployment.

    TCP

    445

    Outgoing

    N/A

    Distributed Computing Environment / Remote Procedure Calls (DCE- RPC)

    The EMS server connects to endpoints using RPC for FortiClient initial deployment.

    TCP

    135

    Outgoing

    N/A

    Active Directory server connection

    Retrieving workstation and user information

    TCP

    389 (LDAP) or

    636 (LDAPS)

    Outgoing

    GUI

    FortiClient download

    Downloading FortiClient installer created by the EMS server

    TCP

    10443 (default)

    Incoming

    Installer

    Apache/HTTPS

    Web access to EMS

    TCP

    443

    Incoming

    Installer

    FortiGuard

    FortiGuard antivirus, vulnerability, and application version updates

    TCP

    80

    Outgoing

    N/A

    SMTP server/email

    Alerts for EMS and endpoint events. When an alert is triggered, an email notification is sent

    TCP

    25 (default)

    Outgoing

    GUI

    FortiClient endpoint probing

    FortiClient EMS uses ICMP for endpoint probing during FortiClient initial deployment.

    ICMP

    N/A

    Outgoing

    N/A

    The following ports and services are only applicable when using FortiClient EMS to manage Chromebooks:

    Communication

    Usage

    Protocol

    Port

    Incoming/Outgoing

    How to customize

    FortiClient on Chrome OS

    Connection to EMS

    TCP

    8443 (default)

    You can customize this port.

    Incoming

    GUI

    G suite API/Google domain directory

    API calls to retrieve Google domain information

    TCP

    443

    Outgoing

    N/A

    The following ports and services should be enabled for use on Chromebooks when using FortiClient for Chromebooks:

    Communication

    Usage

    Protocol

    Port

    Incoming/Outgoing

    How to customize

    FortiClient EMS

    Connection to profile server

    TCP

    8443 (default)

    Outgoing

    Via Google Admin console when adding the profile

    FortiGuard

    URL rating

    TCP

    443, 3400

    Outgoing

    N/A

    FortiAnalyzer

    Send logs to FortiAnalyzer

    TCP

    8443

    Outgoing

    N/A
    note icon

    For the list of required services and ports for FortiClient, see the FortiClient Administration Guide on the Fortinet Document Library.
    Previous
    Next