When configuring a device to override default FDN ports and IP addresses with that of a FortiManager system, the default port settings for the device’s update or query requests may not match the listening port of the FortiManager system’s built-in FDS. If this is the case, the device’s requests will fail. To successfully connect them, you must match the devices’ port settings with the FortiManager system’s built-in FDS listening ports.
For example, the default port for FortiGuard antivirus and IPS update requests is TCP 443 on FortiOS v4.0 and higher, but the FortiManager system’s built-in FDS listens for those requests on TCP 8890. In this case, the FortiGate unit’s update requests would fail until you configure the unit to send requests on TCP 8890.
In some cases, the device may not be configurable; instead, you must configure the FortiManager system to listen on an alternate port.
For more information about what ports must be open, see the FortiManager 6.4 Ports and Protocols Guide.