Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Default Port Information

FortiSandbox treats Port1 as reserved for device management, and Port3 be reserved for the Windows VM to communicate with the outside network. The other ports are used for file input and communication among cluster nodes. In Cluster mode, FortiSandbox uses TCP ports 2015 and 2018 for cluster internal communication. If the unit works as a Collector to receive threat information from other units, it uses TCP port 2443

The following tables list the default open ports for each FortiSandbox interface.

FortiSandbox 3500D, 2000E, and 3000E default ports

Port (Interface)

Type

Default Open Ports

Port1

RJ-45

TCP ports, 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail), SNMP local query port.

FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

Fortinet FortiSandbox VM download uses TCP port 443 for download. The FortiSandbox will use a random port picked by the kernel.

The Sandbox Community Cloud uses UDP port 53 or 8888 and TCP port 443. The FortiSandbox will use a random port picked up by the kernel.

If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

Port2, Port4

RJ-45

No service listens except OFTP. If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

Port3

RJ-45

No service listens. Reserved for guest VM to communicate with the outside network.

Port5, Port6

SFP+

No service listens except OFTP. If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

FortiSandbox 3000D default ports

Port (Interface)

Type

Default Open Ports

Port1

RJ-45

TCP ports, 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail). SNMP local query port.

FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

The Sandbox Community Cloud uses UDP port 53 or 8888 and TCP port 443. The FortiSandbox will use a random port picked up by the kernel.

If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

Port2, Port4

RJ-45

No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

Port3

RJ-45

All ports are open. Reserved for guest VM to communicate with the outside network.

Port5, Port6

SFP

No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

Port7, Port8

SFP+

No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

FortiSandbox 1000D default ports

Port (Interface)

Type

Default Open Ports

Port1

RJ-45

TCP ports 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail).

FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

The Sandbox Community Cloud uses UDP port 53 or 8888 and TCP port 443. The FortiSandbox will use a random port picked up by the kernel.

If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

Port2, Port4, Port5, Port6

RJ-45

No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

Port3

RJ-45

All ports are open. Reserved for guest VM to communicate with the outside network.

Port7, Port 8

SFP

No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

All ports mentioned above are the same for both IPv4 and IPv6 protocols.

You can dynamically change system firewall rules using the iptables CLI command. New rules will be lost after a system reboot.

note icon

If port3 of the FortiSandbox is connected to an interface behind the FortiGate device, make sure that the egress WAN interface does not have the Scan Outgoing Connections to Botnet Sites feature enabled, nor any active security profiles as this might impact the detection rate. If this is not possible, we recommend connecting the FortiSandbox port3 to a different egress WAN port or directly to the Internet in front of the perimeter firewall.

For more information on FortiSandbox 1000D, FortiSandbox 3000D, FortiSandbox 3500D, FortiSandbox 2000E, and FortiSandbox 3000E interfaces, see Interfaces.

Default Port Information

FortiSandbox treats Port1 as reserved for device management, and Port3 be reserved for the Windows VM to communicate with the outside network. The other ports are used for file input and communication among cluster nodes. In Cluster mode, FortiSandbox uses TCP ports 2015 and 2018 for cluster internal communication. If the unit works as a Collector to receive threat information from other units, it uses TCP port 2443

The following tables list the default open ports for each FortiSandbox interface.

FortiSandbox 3500D, 2000E, and 3000E default ports

Port (Interface)

Type

Default Open Ports

Port1

RJ-45

TCP ports, 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail), SNMP local query port.

FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

Fortinet FortiSandbox VM download uses TCP port 443 for download. The FortiSandbox will use a random port picked by the kernel.

The Sandbox Community Cloud uses UDP port 53 or 8888 and TCP port 443. The FortiSandbox will use a random port picked up by the kernel.

If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

Port2, Port4

RJ-45

No service listens except OFTP. If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

Port3

RJ-45

No service listens. Reserved for guest VM to communicate with the outside network.

Port5, Port6

SFP+

No service listens except OFTP. If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

FortiSandbox 3000D default ports

Port (Interface)

Type

Default Open Ports

Port1

RJ-45

TCP ports, 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail). SNMP local query port.

FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

The Sandbox Community Cloud uses UDP port 53 or 8888 and TCP port 443. The FortiSandbox will use a random port picked up by the kernel.

If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

Port2, Port4

RJ-45

No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

Port3

RJ-45

All ports are open. Reserved for guest VM to communicate with the outside network.

Port5, Port6

SFP

No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

Port7, Port8

SFP+

No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

FortiSandbox 1000D default ports

Port (Interface)

Type

Default Open Ports

Port1

RJ-45

TCP ports 22 (SSH), 23 (Telnet), 80 and 443 (GUI), 514 (OFTP communication with FortiGate, FortiWeb, FortiClient & FortiMail).

FortiGuard Distribution Servers (FDS) use TCP port 8890 for download. The FortiSandbox will use a random port picked by the kernel.

FortiGuard Web Filtering servers use UDP port 53 or 8888. The FortiSandbox will use a random port picked up by the kernel.

The Sandbox Community Cloud uses UDP port 53 or 8888 and TCP port 443. The FortiSandbox will use a random port picked up by the kernel.

If you configure an internal mail server, internal DNS server, remote syslog server, LDAP server, SNMP managers, NTP server, or override the web filtering server IP address, communication is recommended to be through this interface. Ensure that the applicable routing is configured.

Port2, Port4, Port5, Port6

RJ-45

No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

Port3

RJ-45

All ports are open. Reserved for guest VM to communicate with the outside network.

Port7, Port 8

SFP

No service listens except OFTP (TCP port 514). If user specifies it as an administration port through CLI command set admin-port, TCP ports 80 and 443 will be opened for web UI.

All ports mentioned above are the same for both IPv4 and IPv6 protocols.

You can dynamically change system firewall rules using the iptables CLI command. New rules will be lost after a system reboot.

note icon

If port3 of the FortiSandbox is connected to an interface behind the FortiGate device, make sure that the egress WAN interface does not have the Scan Outgoing Connections to Botnet Sites feature enabled, nor any active security profiles as this might impact the detection rate. If this is not possible, we recommend connecting the FortiSandbox port3 to a different egress WAN port or directly to the Internet in front of the perimeter firewall.

For more information on FortiSandbox 1000D, FortiSandbox 3000D, FortiSandbox 3500D, FortiSandbox 2000E, and FortiSandbox 3000E interfaces, see Interfaces.