FortiClient open ports

6.4.0

The following tables show the distinct communications for each FortiClient product:

FortiClient

| Outgoing ports | Purpose | Protocol/Port |
| --- | --- | --- |
| FortiAnalyzer | Send logs to FortiAnalyzer (FortiClient must connect to FortiGate or EMS to send logs to FortiAnalyzer) | TCP/514 |
| FortiAuthenticator | SSO Mobility Agent, FSSO | TCP/8001 |
| FortiClient EMS | Endpoint management | TCP/8013 |
| FortiGate | Remote IPsec VPN access | UDP/IKE 500, ESP (IP 50), NAT-T 4500 |
| FortiGate | Remote SSL VPN access | TCP/443 (by default; this port can be customized) |
| FortiGate | SSO Mobility Agent, FSSO | TCP/8001 |
| FortiGate | Compliance and Security Fabric | TCP/8013 (by default; this port can be customized) |
| FortiGuard | AV/VUL signatures update, Cloud-based behavior scan (CBBS)/applications that use cloud services | TCP/80 |
| FortiGuard | Virus submission (SMTP/FortiGuard) | TCP/25 |
| FortiGuard | URL rating | UDP/8888 (by default; this port can be changed to port 53 by entering fgd1.fortigate.com:53 via the XML config file) |
| FortiManager | Select a FortiManager to be used for FortiClient signature updates | TCP/80 (by default; this port can be customized) |
| FortiManager | Send logs to FortiManager (FortiClient must connect to FortiGate or EMS to send logs to FortiManager) | TCP/514 |
| FortiSandbox | File analysis | TCP/514 |
| Syslog server | Send logs to syslog server | UDP/514 |

FortiClient EMS

| Incoming ports | Purpose | Protocol/Port |
| --- | --- | --- |
| FortiClient | Endpoint management | TCP/8013 (by default; this port can be customized) |
| FortiClient | Download FortiClient installer created by EMS server | TCP/10443 |
| Apache server/HTTPS | Web access to EMS | TCP/443 |
| FSSO | Connection to FortiOS | TCP/8000 |

| Outgoing ports | Purpose | Protocol/Port |
| --- | --- | --- |
| FortiClient | Endpoint probing during FortiClient deployment | ICMP |
| FortiGuard | FortiClient EMS AV/VUL/APP version updates | TCP/80 |
| Samba (SMB) service | SMB during FortiClient deployment | TCP/445 |
| SMTP server/email | EMS and endpoint alerts | TCP/25 |
| AD server | Retrieving workstation and user information | TCP/389 (LDAP) or TCP/636 (LDAPS) |
| Others | Distributed Computing Environment/Remote Procedure Calls (DCE/RPC) for FortiClient deployment | TCP/135 |

FortiClient for Chromebook

| Outgoing ports | Purpose | Protocol/Port |
| --- | --- | --- |
| FortiAnalyzer | Send logs to FortiAnalyzer | TCP/8443 |
| FortiClient EMS | Connect to EMS Chromebook profile server | TCP/8443 |
| FortiGuard | URL rating | TCP/443, TCP/3400 |

FortiClient EMS for Chromebook

| Incoming ports | Purpose | Protocol/Port |
| --- | --- | --- |
| FortiClient for Chromebook | Connection to EMS | TCP/8443 |
| Apache server/HTTPS | Web access to EMS | TCP/443 |

| Outgoing ports | Purpose | Protocol/Port |
| --- | --- | --- |
| SMTP server/email | EMS and endpoint alerts | TCP/25 |
| Others | G Suite API calls for Google domain information | TCP/443 |
