Verifying ports and services and connection between EMS and FortiClient
Ports and services
On the EMS server, run the following CLI command to verify the services are bound to a port:
netstat -ano | find “<port number>”
a
: displays all connections and listening ports
n
: displays addresses and port numbers in numerical form
o
: displays process ID (PID) associated with each connection
The following shows that Windows is listening to port TCP/8013 on a particular interface: 192.168.1.200 in this case. The PID is 2732.
You can confirm the process by finding that PID on the Task Manager Details tab:
If you want to deploy FortiClient to your domain-joined endpoints and have followed the Preparing the AD server for deployment instructions, you can use the same steps to verify the ports for SMB and RPC. See the FortiClient Administration Guide.
Connectivity between EMS and FortiClient
In addition to the services running correctly, there must be connectivity between EMS and the endpoint. This section defines connectivity as a route and traffic on a given port. You can use Command Prompt and the built-in Telnet application to verify this. Ensure that Telnet is enabled on your device by going to Control Panel > Turn Windows features on or off, and ensuring that the Telnet Client checkbox is selected. In this example, 192.168.1.200 is the endpoint IP address, and 445 is the port that is being checked:
telnet 192.168.1.200 445
If the command is successful, Command Prompt returns _. Since the service on 445 is not Telnet, this is the expected result.
If the command is unsuccessful, Command Prompt returns a warning that the connection could not be opened.