Incoming ports

Incoming ports

	Purpose	Protocol/Port
FortiAuthenticator	Policy Authentication through Captive Portal	TCP/1000
FortiAuthenticator	RADIUS disconnect	TCP/1700
FortiClient	Remote IPsec VPN access	UDP/IKE 500, ESP (IP 50), NAT-T 4500
	Remote SSL VPN access	TCP/443
	SSO Mobility Agent, FSSO	TCP/8001
	Compliance and Security Fabric	TCP/8013 (by default; this port can be customized)
FortiProxy	HA Heartbeat	ETH Layer 0x8890, 0x8891, and 0x8893
	HA Synchronization	TCP/703, UDP/703
	Unicast Heartbeat for Azure	UDP/730
	DNS for Azure	UDP/53
	WAN optimization tunnels	TCP/7810
FortiGuard	Management	TCP/541
FortiGuard	AV/IPS	UDP/9443
FortiManager	AV/IPS Push	UDP/9443
	IPv4 FGFM management	TCP/541
	IPv6 FGFM management	TCP/542
3rd-Party Servers	FSSO	TCP/8001 (by default; this port can be customized)
Others	Web Admin	TCP/80, TCP/443
	Policy Override Authentication	TCP/443, TCP/8008, TCP/8010
	Policy Override Keepalive	TCP/1000, TCP/1003
	SSL VPN	TCP/443

Incoming ports

Purpose

Protocol/Port

FortiAuthenticator

Policy Authentication through Captive Portal

TCP/1000

RADIUS disconnect

TCP/1700

FortiClient

Remote IPsec VPN access

UDP/IKE 500, ESP (IP 50), NAT-T 4500

Remote SSL VPN access

TCP/443

SSO Mobility Agent, FSSO

TCP/8001

Compliance and Security Fabric

TCP/8013 (by default; this port can be customized)

FortiProxy

HA Heartbeat

ETH Layer 0x8890, 0x8891, and 0x8893

HA Synchronization

TCP/703, UDP/703

Unicast Heartbeat for Azure

UDP/730

DNS for Azure

UDP/53

WAN optimization tunnels

TCP/7810

FortiGuard

Management

TCP/541

AV/IPS

UDP/9443

FortiManager

AV/IPS Push

UDP/9443

IPv4 FGFM management

TCP/541

IPv6 FGFM management

TCP/542

3rd-Party Servers

FSSO

TCP/8001 (by default; this port can be customized)

Others

Web Admin

TCP/80, TCP/443

Policy Override Authentication

TCP/443, TCP/8008, TCP/8010

Policy Override Keepalive

TCP/1000, TCP/1003

SSL VPN

TCP/443

FortiProxy Ports

Incoming ports

Incoming ports