Fortinet black logo

EMS Administration Guide

Required services and ports

Required services and ports

You must ensure required ports and services are enabled for use by FortiClient EMS and its associated applications on your server. The required ports and services enable FortiClient EMS to communicate with endpoints and servers running associated applications. You do not need to enable ports 8013 and 10443 as the FortiClient EMS installation opens these.

Communication

Usage

Protocol

Port

Incoming/Outgoing

How to customize

FortiClient Telemetry

FortiClient endpoint management

TCP

8013 (default)

Incoming

Installer/GUI

Samba (SMB) service

FortiClient EMS uses the SMB service during FortiClient initial deployment.

TCP

445

Outgoing

N/A

Distributed Computing Environment / Remote Procedure Calls (DCE/RPC)

The FortiClient EMS server connects to endpoints using RPC for FortiClient initial deployment.

TCP

135

Outgoing

N/A

AD server connection

Retrieving workstation and user information

TCP

389 (LDAP) or

636 (LDAPS)

Outgoing

GUI

FortiClient download

Downloading FortiClient deployment packages created by FortiClient EMS

TCP

10443 (default)

Incoming

Installer

Apache/HTTPS

Web access to FortiClient EMS

TCP

443

Incoming

Installer

FortiGuard

FortiGuard AV, vulnerability, and application version updates

TCP

80

Outgoing

N/A

SMTP server/email

Alerts for FortiClient EMS and endpoint events. When an alert is triggered, EMS sends an email notification.

TCP

25 (default)

Outgoing

GUI

FortiClient endpoint probing

FortiClient EMS uses ICMP for endpoint probing during FortiClient initial deployment.

ICMP

N/A

Outgoing

N/A

FSSO

Connection to FortiOS.

TCP

8000

Incoming

N/A

The following ports and services only apply when using FortiClient EMS to manage Chromebooks:

Communication

Usage

Protocol

Port

Incoming/Outgoing

How to customize

FortiClient on Chrome OS

Connecting to FortiClient EMS

TCP

8443 (default)

You can customize this port.

Incoming

GUI

G suite API/Google domain directory

Retrieving Google domain information using API calls

TCP

443

Outgoing

N/A

The following ports and services should be enabled for use on Chromebooks when using FortiClient for Chromebooks:

Communication

Usage

Protocol

Port

Incoming/Outgoing

How to customize

FortiClient EMS

Connecting to the profile server

TCP

8443 (default)

Outgoing

Via Google Admin console when adding the profile

FortiGuard

Rating URLs

TCP

443, 3400

Outgoing

N/A

FortiAnalyzer

Sending logs to FortiAnalyzer

TCP

8443

Outgoing

N/A

note icon

For the list of required services and ports for FortiClient, see the FortiClient Administration Guide.

Required services and ports

Required services and ports

You must ensure required ports and services are enabled for use by FortiClient EMS and its associated applications on your server. The required ports and services enable FortiClient EMS to communicate with endpoints and servers running associated applications. You do not need to enable ports 8013 and 10443 as the FortiClient EMS installation opens these.

Communication

Usage

Protocol

Port

Incoming/Outgoing

How to customize

FortiClient Telemetry

FortiClient endpoint management

TCP

8013 (default)

Incoming

Installer/GUI

Samba (SMB) service

FortiClient EMS uses the SMB service during FortiClient initial deployment.

TCP

445

Outgoing

N/A

Distributed Computing Environment / Remote Procedure Calls (DCE/RPC)

The FortiClient EMS server connects to endpoints using RPC for FortiClient initial deployment.

TCP

135

Outgoing

N/A

AD server connection

Retrieving workstation and user information

TCP

389 (LDAP) or

636 (LDAPS)

Outgoing

GUI

FortiClient download

Downloading FortiClient deployment packages created by FortiClient EMS

TCP

10443 (default)

Incoming

Installer

Apache/HTTPS

Web access to FortiClient EMS

TCP

443

Incoming

Installer

FortiGuard

FortiGuard AV, vulnerability, and application version updates

TCP

80

Outgoing

N/A

SMTP server/email

Alerts for FortiClient EMS and endpoint events. When an alert is triggered, EMS sends an email notification.

TCP

25 (default)

Outgoing

GUI

FortiClient endpoint probing

FortiClient EMS uses ICMP for endpoint probing during FortiClient initial deployment.

ICMP

N/A

Outgoing

N/A

FSSO

Connection to FortiOS.

TCP

8000

Incoming

N/A

The following ports and services only apply when using FortiClient EMS to manage Chromebooks:

Communication

Usage

Protocol

Port

Incoming/Outgoing

How to customize

FortiClient on Chrome OS

Connecting to FortiClient EMS

TCP

8443 (default)

You can customize this port.

Incoming

GUI

G suite API/Google domain directory

Retrieving Google domain information using API calls

TCP

443

Outgoing

N/A

The following ports and services should be enabled for use on Chromebooks when using FortiClient for Chromebooks:

Communication

Usage

Protocol

Port

Incoming/Outgoing

How to customize

FortiClient EMS

Connecting to the profile server

TCP

8443 (default)

Outgoing

Via Google Admin console when adding the profile

FortiGuard

Rating URLs

TCP

443, 3400

Outgoing

N/A

FortiAnalyzer

Sending logs to FortiAnalyzer

TCP

8443

Outgoing

N/A

note icon

For the list of required services and ports for FortiClient, see the FortiClient Administration Guide.