Fortinet Document Library

Version: 6.2.0

FortiAuthenticator open ports

Incoming ports

|  | Purpose | Protocol/Port |
| --- | --- | --- |
| FortiAuthenticator | Load-balancing HA secondary | UDP/721, UDP/1194 |
|  | Redundant HA cluster | UDP/720 |
|  | FSSO tiered architecture | TCP/8003 |
| FortiClient | SSO Mobility Agent, FSSO | TCP/8001 (by default; this port can be customized) |
| FortiGate | LDAP, PKI Authentication | TCP or UDP/389 |
|  | RADIUS | UDP/1812 |
|  | FSSO | TCP/8000 |
|  | RADIUS Accounting | UDP/1813, UDP/1646 |
|  | SCEP | TCP/80, TCP/443 |
|  | CRL download | TCP/80 |
|  | External captive portal | TCP/443 |
| FortiToken Mobile | Push approve/deny | TCP/443 |
|  | FTM device transfer | TCP/443 |
| Others | SSH CLI | TCP/22 |
|  | Telnet | TCP/23 |
|  | HTTP & SCEP | TCP/80 |
|  | SNMP Poll | UDP/161 |
|  | Web Admin | TCP/80, TCP/443 |
|  | LDAP | TCP/389 |
|  | LDAPS | TCP/636 |
|  | RADIUS | UDP/1812, UDP/1813 |
|  | OCSP | TCP/2560 |
|  | Syslog | UDP/514 |
|  | SAML | TCP/443 |
|  | OAuth | TCP/443 |
| 3rd-Party Servers | FSSO DC/TS agents | TCP/8002 |
|  | FortiAuthenticator Windows/OWA agent | TCP/443 |

Outgoing ports

|  | Purpose | Protocol/Port |
| --- | --- | --- |
| FortiAuthenticator | (HA) HA heartbeat | UDP/720 |
|  | (LB secondary) LB secondary sync | UDP/721, UDP/1194 |
|  | FSSO tiered architecture | TCP/8003 |
| FortiGate | Policy Authentication through Captive Portal | TCP/1000 |
|  | RADIUS disconnect | TCP/1700 |
| FortiGuard | FortiToken hardware seed retrieval | TCP/443 |
|  | FortiToken Mobile activation, provisioning, and transfer | TCP/443 |
|  | FortiToken Cloud provisioning | TCP/443 |
|  | FortiGuard SMS | TCP/443 |
|  | FortiToken Mobile push proxy service (FAC 6.1.1 and later) | TCP/443 |
|  | FortiToken Mobile Apple push servers (FAC 6.1.0 and earlier) | TCP/5223, TCP/2195, TCP/2196 |
|  | FortiToken Mobile Google push servers (FAC 6.1.0 and earlier) | TCP/443 |
| 3rd-Party Servers | SMTP | TCP/25 |
|  | DNS | UDP/53 |
|  | Windows AD | TCP/88 |
|  | NTP | UDP/123 |
|  | LDAP | TCP/389 |
|  | Domain Control | TCP/445 |
|  | LDAPS | TCP/636 |
|  | FSSO tiered architecture | TCP/5003 |
|  | FTP/SFTP configuration and logs backup | TCP/21, TCP/22 |
|  | SMS HTTP/HTTPS gateways | TCP/80, TCP/443 |
|  | OAuth | TCP/443 |
|  | CRL download | TCP/80, TCP/443 |
| FortiNAC | FSSO | TCP/8000 |
| FortiAnalyzer | Logging | UDP/514 |
