Incoming ports
|
Purpose |
Protocol/Port |
---|---|---|
FortiAuthenticator |
Policy Authentication through Captive Portal |
TCP/1000 |
RADIUS disconnect |
TCP/1700 |
|
FortiClient |
Remote IPsec VPN access |
UDP/IKE 500, ESP (IP 50), NAT-T 4500 |
Remote SSL VPN access |
TCP/443 |
|
SSO Mobility Agent, FSSO |
TCP/8001 |
|
Compliance and Security Fabric |
TCP/8013 (by default; this port can be customized) |
|
FortiProxy |
HA Heartbeat |
ETH Layer 0x8890, 0x8891, and 0x8893 |
HA Synchronization |
TCP/703, UDP/703 |
|
Unicast Heartbeat for Azure |
UDP/730 |
|
DNS for Azure |
UDP/53 |
|
WAN optimization tunnels |
TCP/7810 |
|
FortiGuard |
Management |
TCP/541 |
AV/IPS |
UDP/9443 |
|
FortiManager |
AV/IPS Push |
UDP/9443 |
IPv4 FGFM management |
TCP/541 |
|
IPv6 FGFM management |
TCP/542 |
|
3rd-Party Servers |
FSSO |
TCP/8001 (by default; this port can be customized) |
Others |
Web Admin |
TCP/80, TCP/443 |
Policy Override Authentication |
TCP/443, TCP/8008, TCP/8010 |
|
Policy Override Keepalive |
TCP/1000, TCP/1003 |
|
SSL VPN |
TCP/443 |