Fortinet white logo
Fortinet white logo

EMS Administration Guide

Verifying ports and services and connection between EMS and FortiClient

Verifying ports and services and connection between EMS and FortiClient

Ports and services

On the EMS server, run the following CLI command to verify the services are bound to a port:

netstat -ano | find “<port number>”

a: displays all connections and listening ports

n: displays addresses and port numbers in numerical form

o: displays process ID (PID) associated with each connection

The following shows that Windows is listening to port TCP/8013 on a particular interface: 192.168.1.200 in this case. The PID is 2732.

You can confirm the process by finding that PID on the Task Manager Details tab:

If you want to deploy FortiClient to your domain-joined endpoints and have followed the Preparing the AD server for deployment instructions, you can use the same steps to verify the ports for SMB and RPC. See the FortiClient Administration Guide.

Connectivity between EMS and FortiClient

In addition to the services running correctly, there must be connectivity between EMS and the endpoint. This section defines connectivity as a route and traffic on a given port. You can use Command Prompt and the built-in Telnet application to verify this. Ensure that Telnet is enabled on your device by going to Control Panel > Turn Windows features on or off, and ensuring that the Telnet Client checkbox is selected. In this example, 192.168.1.200 is the endpoint IP address, and 445 is the port that is being checked:

telnet 192.168.1.200 445

If the command is successful, Command Prompt returns _. Since the service on 445 is not Telnet, this is the expected result.

If the command is unsuccessful, Command Prompt returns a warning that the connection could not be opened.

Verifying ports and services and connection between EMS and FortiClient

Verifying ports and services and connection between EMS and FortiClient

Ports and services

On the EMS server, run the following CLI command to verify the services are bound to a port:

netstat -ano | find “<port number>”

a: displays all connections and listening ports

n: displays addresses and port numbers in numerical form

o: displays process ID (PID) associated with each connection

The following shows that Windows is listening to port TCP/8013 on a particular interface: 192.168.1.200 in this case. The PID is 2732.

You can confirm the process by finding that PID on the Task Manager Details tab:

If you want to deploy FortiClient to your domain-joined endpoints and have followed the Preparing the AD server for deployment instructions, you can use the same steps to verify the ports for SMB and RPC. See the FortiClient Administration Guide.

Connectivity between EMS and FortiClient

In addition to the services running correctly, there must be connectivity between EMS and the endpoint. This section defines connectivity as a route and traffic on a given port. You can use Command Prompt and the built-in Telnet application to verify this. Ensure that Telnet is enabled on your device by going to Control Panel > Turn Windows features on or off, and ensuring that the Telnet Client checkbox is selected. In this example, 192.168.1.200 is the endpoint IP address, and 445 is the port that is being checked:

telnet 192.168.1.200 445

If the command is successful, Command Prompt returns _. Since the service on 445 is not Telnet, this is the expected result.

If the command is unsuccessful, Command Prompt returns a warning that the connection could not be opened.