Required services and ports
You must enable required port and services for use by FortiClient and its associated applications on your server. The required ports and services enable FortiClient to communicate with servers running associated applications.
Communication |
Usage |
Protocol |
Port |
Incoming/Outgoing |
How to customize |
---|---|---|---|---|---|
FortiClient Telemetry |
Endpoint management (on-premise EMS), participation in the Fortinet Security Fabric |
TCP |
8013 |
Outgoing |
GUI |
SYSLOG |
Upload logs to syslog server |
UDP |
514 |
Outgoing |
N/A |
FortiSandbox |
Send files to FortiSandbox for analysis |
TCP |
514 |
Outgoing |
N/A |
Remote access - SSL VPN |
Establish VPN connection to the FortiGate |
TCP |
443 (default) |
Outgoing |
GUI |
FortiAnalyzer/FortiManager |
Upload logs and Windows host events to FortiAnalyzer or FortiManager |
TCP |
514 |
Outgoing |
N/A |
Remote access - IPsec VPN |
Establish VPN connection to the FortiGate |
UDP |
IKE 500 ESP (IP 50) NAT-T 4500 |
Outgoing |
N/A |
FortiAuthenticator/FortiGate |
Single sign-on mobility agent (SSOMA), FortiClient SSO |
TCP |
8001 (default) |
Outgoing |
GUI |
FortiManager |
Use a FortiManager for FortiClient software and signature updates |
TCP |
80 (default) |
Outgoing |
GUI |
SMTP/FortiGuard |
Virus submission |
TCP |
25 |
Outgoing |
N/A |
FortiGuard |
Cloud-based malware detection |
TCP |
8888 |
Outgoing |
N/A |
FortiClient can also connect to FortiClient Cloud instead of on-premise EMS for endpoint management. The following table summarizes required services for FortiClient to communicate with FortiClient Cloud:
Usage
|
Server URL |
Protocol
|
Port
|
Incoming/Outgoing
|
How to customize |
---|---|---|---|---|---|
FortiClient Cloud connection |
forticlient-emsproxy.forticloud.com forticlient.forticloud.com |
TCP |
443 (default) |
Outgoing |
FortiClient connects to FortiGuard to query for URL ratings for Web Filter and to download antivirus and vulnerability scan engine and signature updates. FortiClient can connect to legacy FortiGuard or FortiGuard Anycast. The EMS administrator configures FortiGuard server options. See Web Filter and System Settings. The following table summarizes required services for FortiClient to communicate with FortiGuard:
Usage
|
Server URL |
Protocol
|
Port
|
Incoming/Outgoing
|
How to customize |
||
---|---|---|---|---|---|---|---|
Global |
U.S. |
Europe |
|||||
URL rating |
fgd1.fortigate.com |
usfgd1.fortigate.com |
N/A |
TCP |
8888 (default) |
Outgoing |
Change to UDP via XML. See the FortiClient XML Reference Guide. |
URL rating with FortiGuard Anycast |
fctguard.fortinet.net |
fctusguard.fortinet.net |
fcteuguard.fortinet.net |
TCP |
443 |
Outgoing |
Change to UDP via XML. See the FortiClient XML Reference Guide. |
AV/vulnerability signature update |
forticlient.fortinet.net myforticlient.fortinet.net |
usforticlient.fortinet.net |
N/A |
TCP |
80 |
Outgoing |
N/A |
AV/vulnerability signature updates with FortiGuard Anycast |
fctupdate.fortinet.net |
fctusupdate.fortinet.net |
fcteuupdate.fortinet.net |
TCP |
443 |
Outgoing |
N/A |
For the list of required services and ports for EMS, see the FortiClient EMS Administration Guide. |