Fortinet black logo

FortiGuard open ports

6.2.0
Copy Link
Copy Doc ID 119f8f7c-1f55-11e9-b86b-00505692583a:362392
Download PDF

FortiGuard open ports

Incoming ports

Purpose

Protocol/Port

FortiAnalyzer

AV/IPS Updates, SMS, FTM, Licensing, Policy Overrides, RVS, URL/AS Update

TCP/443

FortiAP-S

FortiGuard Queries

UDP/53, UDP/8888

Syslog, OFTP, Registration, Quarantine, Log & Report

TCP/514

Event Logs

UDP/5246

FortiAuthenticator

FortiToken hardware seed retrieval TCP/443
FortiToken Mobile activation, provisioning, and transfer TCP/443
FortiToken Cloud provisioning TCP/443
FortiGuard SMS TCP/443

FortiToken Mobile push proxy service (FAC 6.1.1 and later)

TCP/443

FortiToken Mobile Apple push servers (FAC 6.1.0 and earlier)

TCP/5223, TCP/2195, TCP/2196

FortiToken Mobile Google push servers (FAC 6.1.0 and earlier)

TCP/443

FortiClient

AV/VUL signatures update, Cloud-based behavior scan (CBBS)/applications that use cloud services

TCP/80

Virus submission (SMTP/FortiGuard)

TCP/25

URL rating

UDP/8888 (by default; this port can be changed to port 53 by entering fgd1.fortigate.com:53 via the XML config file)

Note: FortiClient for Chromebooks contacts FortiGuard for URL ratings via TCP/443

FortiClient EMS AV/VUL/APP version updates *

TCP/80

FortiCloud

Registration

TCP/443

FortiGate

AV/IPS Update, Management, Firmware, SMS, FTM, Licensing, Policy Override

TCP/443, TCP/8890

Cloud App DB

TCP/9582 (flow.fortinet.net)

FortiGuard Queries

UDP/53, UDP/8888, TCP/53, TCP/8888, TCP/443 (as part of Anycast servers)

SDNS queries for DNS Filter

UDP/53, TCP/853 (as part of Anycast servers)

Registration

TCP/80

Alert Emails, Virus Sample

TCP/25

Central Management, Analysis

TCP/541

FortiMail

AS Rating

UDP/53

AV/AS Update

TCP/443

FortiManager

AV/IPS Updates, URL/AS Update, Firmware, SMS, FTM, Licensing, Policy Override Authentication, Registration

TCP/443

FortiClient updates

TCP/80

FortiSandbox

(FortiSandbox will use a random port picked by the kernel)

FortiGuard Distribution Servers

TCP/8890

FortiGuard Web Filtering Servers

UDP/53, UDP/8888

Outgoing ports

Purpose

Protocol/Port

FortiGate

Management

TCP/541

AV/IPS

UDP/9443

FortiMail

AV Push

UDP/9443

FortiManager

AV/IPS

UDP/9443

FortiGuard open ports

Incoming ports

Purpose

Protocol/Port

FortiAnalyzer

AV/IPS Updates, SMS, FTM, Licensing, Policy Overrides, RVS, URL/AS Update

TCP/443

FortiAP-S

FortiGuard Queries

UDP/53, UDP/8888

Syslog, OFTP, Registration, Quarantine, Log & Report

TCP/514

Event Logs

UDP/5246

FortiAuthenticator

FortiToken hardware seed retrieval TCP/443
FortiToken Mobile activation, provisioning, and transfer TCP/443
FortiToken Cloud provisioning TCP/443
FortiGuard SMS TCP/443

FortiToken Mobile push proxy service (FAC 6.1.1 and later)

TCP/443

FortiToken Mobile Apple push servers (FAC 6.1.0 and earlier)

TCP/5223, TCP/2195, TCP/2196

FortiToken Mobile Google push servers (FAC 6.1.0 and earlier)

TCP/443

FortiClient

AV/VUL signatures update, Cloud-based behavior scan (CBBS)/applications that use cloud services

TCP/80

Virus submission (SMTP/FortiGuard)

TCP/25

URL rating

UDP/8888 (by default; this port can be changed to port 53 by entering fgd1.fortigate.com:53 via the XML config file)

Note: FortiClient for Chromebooks contacts FortiGuard for URL ratings via TCP/443

FortiClient EMS AV/VUL/APP version updates *

TCP/80

FortiCloud

Registration

TCP/443

FortiGate

AV/IPS Update, Management, Firmware, SMS, FTM, Licensing, Policy Override

TCP/443, TCP/8890

Cloud App DB

TCP/9582 (flow.fortinet.net)

FortiGuard Queries

UDP/53, UDP/8888, TCP/53, TCP/8888, TCP/443 (as part of Anycast servers)

SDNS queries for DNS Filter

UDP/53, TCP/853 (as part of Anycast servers)

Registration

TCP/80

Alert Emails, Virus Sample

TCP/25

Central Management, Analysis

TCP/541

FortiMail

AS Rating

UDP/53

AV/AS Update

TCP/443

FortiManager

AV/IPS Updates, URL/AS Update, Firmware, SMS, FTM, Licensing, Policy Override Authentication, Registration

TCP/443

FortiClient updates

TCP/80

FortiSandbox

(FortiSandbox will use a random port picked by the kernel)

FortiGuard Distribution Servers

TCP/8890

FortiGuard Web Filtering Servers

UDP/53, UDP/8888

Outgoing ports

Purpose

Protocol/Port

FortiGate

Management

TCP/541

AV/IPS

UDP/9443

FortiMail

AV Push

UDP/9443

FortiManager

AV/IPS

UDP/9443