Document
Library

Administration Guide

Introduction
- Getting started
- Loading the ANN database to FortiNDR for malware detection
- Updating the ANN database from FDS for malware detection
- Operating mode, protocols, and file type support
- File scan flow
- Architecture considerations
- Planning deployment
- Initial setup
Dashboard
- NDR Overview
- Malware Overview
- System Status
- Custom dashboards
Network Insights
Security Fabric
- FortiGate inline blocking (FOS 7.0.1 and higher)
- FortiGate integration (integrated mode with FOS 5.6 and higher)
- Device input
  - FortiGate tab
  - Other Device tab
- Network Share
- Network Share Quarantine
- Fabric Connectors
  - ICAP Connectors
  - Security Fabric Connector
- Enforcement
  - Creating an Enforcement Profile
- Automation Framework
- Automation log
- FortiSandbox integration (FortiSandbox 4.0.1 and higher)
Attack Scenario
- Attack scenario navigation and timeline
- Understanding kill chain and scenario engine
Host Story
Virtual Security Analyst
- Express Malware Analysis
- Outbreak Search
- Static Filter
- ML Configuration
- Malware Big Picture
- Device Enrichment
  - Creating a Device Enrichment Profile
Netflow
- Netflow Dashboard
- Netflow Log
Network
System
- Administrator and Admin Profiles
- Firmware
- Settings
- FortiGuard
- Certificates
- Conserve Mode
- Backup or restore the system configuration
User & Authentication
- RADIUS Server
- LDAP Servers
Log & Report
- Malware Log
- NDR Log
- Events
- Daily Feature Learned
- Log Settings
- Alert Email Setting
- Email Alert Recipients
- NDR logs samples
- AV log samples
Troubleshooting
- FortiNDR troubleshooting tips
- FortiNDR health checks
- Rebuild RAID disk
- Managing FortiNDR disk usage
- Export malware
- Working with false positives and false negatives
- Troubleshoot ICAP and OFTP connection issues
- Troubleshoot Log Settings
- Troubleshoot Network Share
- Troubleshooting the VM License
- Troubleshooting Updater
- Troubleshooting tips for Network File Share
Appendix A - API guide
Appendix B - Sample script to submit files
Appendix C - FortiNDR ports
Appendix D - FortiGuard updates
Appendix E - Event severity level by category
Appendix F - IPv6 support
Appendix G - Supported Application Protocol List
Appendix H - File types and protocols
Change Log

Home FortiNDR 7.2.3 Administration Guide

7.2.3

Appendix C - FortiNDR ports

Appendix C - FortiNDR ports

FortiNDR requires the following ports.

Item	Protocol and port number	Direction
API submission, such as FortiSandbox	TCP 443	Inbound
CLI	TCP 22	Inbound SSH
FortiGate quarantine	TCP 443	Outbound to FortiGate
FortiGuard update	TCP 443	Outbound to: fai.fortinet.net fds1.fortinet.com update.fortiguard.net
IOC lookup	TCP 443	Outbound to productapi.fortinet.com
IOT lookup	TCP 443	Outbound to globalguardservice.fortinet.net
GUI	TCP 443	Inbound web browser
ICAP	TCP 1344, 11344	Inbound
NetFlow listen ports	UDP 2055,6343,9995	Inbound
Network File Share	TCP 139, 445, 2049 (NFS)	Outbound to file server
OFTP server	TCP 514	Inbound
Security Fabric with FortiGate	TCP 443	Outbound to root FortiGate for Security Fabric communication
Security Fabric with FortiGate	TCP 8013	Outbound to root FortiGate in Security Fabric
Web Filter query	UDP 53	Outbound to service.fortiguard.net
Microsoft Active Directory	TCP 636,389	Inbound and outbound

Previous

Next

Appendix C - FortiNDR ports

FortiNDR requires the following ports.

Item	Protocol and port number	Direction
API submission, such as FortiSandbox	TCP 443	Inbound
CLI	TCP 22	Inbound SSH
FortiGate quarantine	TCP 443	Outbound to FortiGate
FortiGuard update	TCP 443	Outbound to: fai.fortinet.net fds1.fortinet.com update.fortiguard.net
IOC lookup	TCP 443	Outbound to productapi.fortinet.com
IOT lookup	TCP 443	Outbound to globalguardservice.fortinet.net
GUI	TCP 443	Inbound web browser
ICAP	TCP 1344, 11344	Inbound
NetFlow listen ports	UDP 2055,6343,9995	Inbound
Network File Share	TCP 139, 445, 2049 (NFS)	Outbound to file server
OFTP server	TCP 514	Inbound
Security Fabric with FortiGate	TCP 443	Outbound to root FortiGate for Security Fabric communication
Security Fabric with FortiGate	TCP 8013	Outbound to root FortiGate in Security Fabric
Web Filter query	UDP 53	Outbound to service.fortiguard.net
Microsoft Active Directory	TCP 636,389	Inbound and outbound

Previous

Next