Fortinet black logo

Administration Guide

Home FortiNDR 7.4.2 Administration Guide
7.4.2
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.3
7.2.2
7.2.1
7.2.0
7.1.0
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0

Appendix C: FortiNDR ports

Appendix C: FortiNDR ports

FortiNDR requires the following ports.

Item

Protocol and port number

Direction

API submission, such as FortiSandbox

TCP 443

Inbound

Auto sample submit,

TCP 25

Outbound to fndr.fortinet.com
CLI TCP 22

Inbound SSH

Data synchronization

TCP 20003

Inbound and outbound between FortiNDR units in an HA group.

DB synchronization

TCP 9440

Inbound and outbound between FortiNDR units in an HA group.

File synchronization

TCP 20002

Inbound and outbound between FortiNDR units in an HA group.

FortiGate quarantine

TCP 443

Outbound to FortiGate
FortiGuard update TCP 443

Initial outbound to:

  • fai.fortinet.net
  • fds1.fortinet.com
  • update.fortiguard.net

For a complete list of the current Fortiguard update servers, please use the CLI diagnose fds list. Please be aware this list of IPs can and will change over time without notice.
GUI TCP 443

Inbound web browser
ICAP TCP 1344, 11344

Inbound
IOC lookup

TCP 443

Outbound to productapi.fortinet.com
IOT lookup

TCP 443

Outbound to globalguardservice.fortinet.net

Microsoft Active Directory

TCP 636,389

Inbound and outbound

NetFlow listen ports

UDP 2055,6343,9995

Inbound

Network File Share

TCP 139, 445, 2049 (NFS)

Outbound to file server

OFTP server

TCP 514

Inbound
Security Fabric with FortiGate TCP 443

Outbound to root FortiGate for Security Fabric communication
Security Fabric with FortiGate TCP 8013

Outbound to root FortiGate in Security Fabric

Sensor Center command communication

UDP 5566|

Sensor to Center

Sensor Center data synchronization

TCP 9094 9096

Sensor to Center

Web Filter query

UDP 53

Outbound to service.fortiguard.net
Previous
Next

Appendix C: FortiNDR ports

FortiNDR requires the following ports.

Item

Protocol and port number

Direction

API submission, such as FortiSandbox

TCP 443

Inbound

Auto sample submit,

TCP 25

Outbound to fndr.fortinet.com
CLI TCP 22

Inbound SSH

Data synchronization

TCP 20003

Inbound and outbound between FortiNDR units in an HA group.

DB synchronization

TCP 9440

Inbound and outbound between FortiNDR units in an HA group.

File synchronization

TCP 20002

Inbound and outbound between FortiNDR units in an HA group.

FortiGate quarantine

TCP 443

Outbound to FortiGate
FortiGuard update TCP 443

Initial outbound to:

  • fai.fortinet.net
  • fds1.fortinet.com
  • update.fortiguard.net

For a complete list of the current Fortiguard update servers, please use the CLI diagnose fds list. Please be aware this list of IPs can and will change over time without notice.
GUI TCP 443

Inbound web browser
ICAP TCP 1344, 11344

Inbound
IOC lookup

TCP 443

Outbound to productapi.fortinet.com
IOT lookup

TCP 443

Outbound to globalguardservice.fortinet.net

Microsoft Active Directory

TCP 636,389

Inbound and outbound

NetFlow listen ports

UDP 2055,6343,9995

Inbound

Network File Share

TCP 139, 445, 2049 (NFS)

Outbound to file server

OFTP server

TCP 514

Inbound
Security Fabric with FortiGate TCP 443

Outbound to root FortiGate for Security Fabric communication
Security Fabric with FortiGate TCP 8013

Outbound to root FortiGate in Security Fabric

Sensor Center command communication

UDP 5566|

Sensor to Center

Sensor Center data synchronization

TCP 9094 9096

Sensor to Center

Web Filter query

UDP 53

Outbound to service.fortiguard.net
Previous
Next