FortiClient open ports
The following diagrams and tables show the distinct communications for each FortiClient product.
FortiClient
Outgoing ports

| | Purpose | Protocol/Port |
|---|---|---|
| | Send logs to FortiAnalyzer (FortiClient must connect to FortiGate or EMS to send logs to FortiAnalyzer) | TCP/514 |
| | SSO Mobility Agent, FSSO | TCP/8001 |
| | Endpoint management | TCP/8013 |
| | Upload logs and diagnostics to EMS server | TCP/8014 |
| | Remote IPsec VPN access | UDP/IKE 500, ESP (IP 50), NAT-T 4500 |
| | Remote SSL VPN access | TCP/443 (by default; this port can be customized) |
| | SSO Mobility Agent, FSSO | TCP/8001 |
| | Compliance and Security Fabric | TCP/8013 (by default; this port can be customized) |
| | AV/VUL signatures update, Cloud-based behavior scan (CBBS)/applications that use cloud services | TCP/80 |
| | Virus submission (SMTP/FortiGuard) | TCP/25 |
| | URL rating | UDP/8888 (by default; this port can be changed to port 53 by entering fgd1.fortigate.com:53 via the XML config file) |
| | Select a FortiManager to be used for FortiClient signature updates | TCP/80 (by default; this port can be customized) |
| | Send logs to FortiManager (FortiClient must connect to FortiGate or EMS to send logs to FortiManager) | TCP/514 |
| | File analysis | TCP/514 |
| Syslog server | Send logs to syslog server | UDP/514 |

FortiClient EMS
Incoming ports

| | Purpose | Protocol/Port |
|---|---|---|
| | Endpoint management | TCP/8013 (by default; this port can be customized) |
| | Upload logs and diagnostics to EMS server | TCP/8014 |
| | Download FortiClient installer created by EMS server | TCP/10443 |
| Apache server/HTTPS | Web access to EMS | TCP/443 |

Outgoing ports

| | Purpose | Protocol/Port |
|---|---|---|
| | FortiClient EMS AV/VUL/APP version updates | TCP/80 |
| Samba (SMB) service | EMS uses SMB during FortiClient deployment | TCP/445 |
| SMTP server/email | EMS and endpoint alerts | TCP/25 |
| AD server | Retrieving workstation and user information | TCP/389 or TCP/636 (for LDAP or LDAPS respectively) |
| Others | EMS server uses Distributed Computing Environment/Remote Procedure Calls (DCE/RPC) for FortiClient deployment | TCP/135 |

FortiClient for Chromebook
Outgoing ports

| | Purpose | Protocol/Port |
|---|---|---|
| | Send logs to FortiAnalyzer | TCP/8443 |
| | Connect to EMS Chromebook profile server | TCP/8443 |
| | URL rating | TCP/443, TCP/3400 |

FortiClient EMS for Chromebook
Incoming ports

| | Purpose | Protocol/Port |
|---|---|---|
| | Connection to EMS | TCP/8443 |
| Apache server/HTTPS | Web access to EMS | TCP/443 |

Outgoing ports

| | Purpose | Protocol/Port |
|---|---|---|
| SMTP server/email | EMS and endpoint alerts | TCP/25 |
| Others | G Suite API calls for Google domain information | TCP/443 |