Fortinet black logo

FortiGate open ports

6.0.0
Copy Link
Copy Doc ID ea42bedb-a99b-11e9-81a4-00505692583a:534827
Download PDF
FortiAP-S Open Ports FortiAuthenticator Open Ports FortiManager Open Ports FortiGuard Open Ports 3rd-Party Servers Open Ports FortiGuard Open Ports FortiManager Open Ports FortiSandbox Open Ports FortiCloud Open Ports FortiAuthenticator Open Ports FortiAnalyzer Open Ports FortiPortal Open Ports

FortiGate open ports

Incoming ports
Purpose Protocol/Port
FortiAP-S Syslog, OFTP, Registration, Quarantine, Log & Report TCP/443
CAPWAP UDP/5246, UDP/5247
FortiAuthenticator Policy Authentication through Captive Portal TCP/1000
FortiClient Remote IPsec VPN access UDP/IKE 500, ESP (IP 50), NAT-T 4500
Remote SSL VPN access TCP/443
SSO Mobility Agent, FSSO TCP/8001
Compliance and Security Fabric TCP/8013 (by default; this port can be customized)
FortiGate HA Heartbeat ETH Layer 0x8890, 0x8891, and 0x8893
HA Synchronization TCP/703, UDP/703

Security Fabric

UDP/8014

FortiGuard Management TCP/541
AV/IPS UDP/9443
FortiManager AV/IPS Push UDP/9443
SSH CLI Management TCP/22
Management TCP/541
SNMP Poll UDP/161, UDP/162
FortiGuard Queries TCP/443
FortiPortal API communications (FortiOS REST API, used for Wireless Analytics) TCP/443
Others Web Admin TCP/80, TCP/443
Policy Override Authentication TCP/443, TCP/8008, TCP/8010
Policy Override Keepalive TCP/1000, TCP/1003
SSL VPN TCP/443
3rd-Party Servers FSSO TCP/8001 (by default; this port can be customized)

Outgoing ports
Purpose Protocol/Port
FortiAnalyzer Syslog, OFTP, Registration, Quarantine, Log & Report TCP/514
FortiAuthenticator LDAP, PKI Authentication TCP or UDP/389
RADIUS UDP/1812
FSSO TCP/8000
RADIUS Accounting UDP/1813
SCEP TCP/80, TCP/443
FortiCloud Registration, Quarantine, Log & Report, Syslog TCP/443
OFTP TCP/514
Management TCP/541
Contract Validation TCP/443
FortiGate HA Heartbeat ETH Layer 0x8890, 0x8891, and 0x8893
HA Synchronization TCP/703, UDP/703
FortiGuard AV/IPS Update TCP/443, TCP/8890
Cloud App DB TCP/9582
FortiGuard Queries UDP/53, UDP/8888
DNS UDP/53, UDP/8888
Registration TCP/80
Alert Email, Virus Sample TCP/25
Management, Firmware, SMS, FTM, Licensing, Policy Override TCP/443
Central Management, Analysis TCP/541
FortiManager Management TCP/541
IPv6 FGFM connection TCP/542
Log & Report TCP or UDP/514
Secure SNMP UDP/161, UDP/162
FortiGuard Queries TCP/8890, UDP/53
FortiSandbox OFTP TCP/514
Others FSSO TCP/8001 (by default; this port can be customized)
note icon

Note that, while a proxy is configured, FortiGate uses the following URLs to access the FortiGuard Distribution Network (FDN):

  • update.fortiguard.net
  • service.fortiguard.net
  • support.fortinet.com
FortiAP-S Open Ports FortiAuthenticator Open Ports FortiManager Open Ports FortiGuard Open Ports 3rd-Party Servers Open Ports FortiGuard Open Ports FortiManager Open Ports FortiSandbox Open Ports FortiCloud Open Ports FortiAuthenticator Open Ports FortiAnalyzer Open Ports FortiPortal Open Ports

FortiGate open ports

Incoming ports
Purpose Protocol/Port
FortiAP-S Syslog, OFTP, Registration, Quarantine, Log & Report TCP/443
CAPWAP UDP/5246, UDP/5247
FortiAuthenticator Policy Authentication through Captive Portal TCP/1000
FortiClient Remote IPsec VPN access UDP/IKE 500, ESP (IP 50), NAT-T 4500
Remote SSL VPN access TCP/443
SSO Mobility Agent, FSSO TCP/8001
Compliance and Security Fabric TCP/8013 (by default; this port can be customized)
FortiGate HA Heartbeat ETH Layer 0x8890, 0x8891, and 0x8893
HA Synchronization TCP/703, UDP/703

Security Fabric

UDP/8014

FortiGuard Management TCP/541
AV/IPS UDP/9443
FortiManager AV/IPS Push UDP/9443
SSH CLI Management TCP/22
Management TCP/541
SNMP Poll UDP/161, UDP/162
FortiGuard Queries TCP/443
FortiPortal API communications (FortiOS REST API, used for Wireless Analytics) TCP/443
Others Web Admin TCP/80, TCP/443
Policy Override Authentication TCP/443, TCP/8008, TCP/8010
Policy Override Keepalive TCP/1000, TCP/1003
SSL VPN TCP/443
3rd-Party Servers FSSO TCP/8001 (by default; this port can be customized)

Outgoing ports
Purpose Protocol/Port
FortiAnalyzer Syslog, OFTP, Registration, Quarantine, Log & Report TCP/514
FortiAuthenticator LDAP, PKI Authentication TCP or UDP/389
RADIUS UDP/1812
FSSO TCP/8000
RADIUS Accounting UDP/1813
SCEP TCP/80, TCP/443
FortiCloud Registration, Quarantine, Log & Report, Syslog TCP/443
OFTP TCP/514
Management TCP/541
Contract Validation TCP/443
FortiGate HA Heartbeat ETH Layer 0x8890, 0x8891, and 0x8893
HA Synchronization TCP/703, UDP/703
FortiGuard AV/IPS Update TCP/443, TCP/8890
Cloud App DB TCP/9582
FortiGuard Queries UDP/53, UDP/8888
DNS UDP/53, UDP/8888
Registration TCP/80
Alert Email, Virus Sample TCP/25
Management, Firmware, SMS, FTM, Licensing, Policy Override TCP/443
Central Management, Analysis TCP/541
FortiManager Management TCP/541
IPv6 FGFM connection TCP/542
Log & Report TCP or UDP/514
Secure SNMP UDP/161, UDP/162
FortiGuard Queries TCP/8890, UDP/53
FortiSandbox OFTP TCP/514
Others FSSO TCP/8001 (by default; this port can be customized)
note icon

Note that, while a proxy is configured, FortiGate uses the following URLs to access the FortiGuard Distribution Network (FDN):

  • update.fortiguard.net
  • service.fortiguard.net
  • support.fortinet.com