Scribd Logo
Upload

Welcome to Scribd!

  • 62 views

    FortiOS 7.0 Ports

    Uploaded by

    vedant ved
    The document lists the incoming and outgoing ports used by various Fortinet products. For incoming ports, common uses include syslog, registration, quarantine, IPsec and SSL VPNs, and administrator access. Configurable ports allow customization. Outgoing ports are often used for heartbeat, synchronization, IPsec tunnels, DNS, updates, and communication with FortiAnalyzer, FortiGuard, and the cloud.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    FortiOS 7.0 Ports

    Uploaded by

    vedant ved
    62 views6 pages
    The document lists the incoming and outgoing ports used by various Fortinet products. For incoming ports, common uses include syslog, registration, quarantine, IPsec and SSL VPNs, and administrator access. Configurable ports allow customization. Outgoing ports are often used for heartbeat, synchronization, IPsec tunnels, DNS, updates, and communication with FortiAnalyzer, FortiGuard, and the cloud.

    Original Title

    FortiOS-7.0-Ports

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document lists the incoming and outgoing ports used by various Fortinet products. For incoming ports, common uses include syslog, registration, quarantine, IPsec and SSL VPNs, and administrator access. Configurable ports allow customization. Outgoing ports are often used for heartbeat, synchronization, IPsec tunnels, DNS, updates, and communication with FortiAnalyzer, FortiGuard, and the cloud.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    62 views6 pages

    FortiOS 7.0 Ports

    Uploaded by

    vedant ved
    The document lists the incoming and outgoing ports used by various Fortinet products. For incoming ports, common uses include syslog, registration, quarantine, IPsec and SSL VPNs, and administrator access. Configurable ports allow customization. Outgoing ports are often used for heartbeat, synchronization, IPsec tunnels, DNS, updates, and communication with FortiAnalyzer, FortiGuard, and the cloud.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 6

    Incoming ports

    Ports and
    Product Purpose Configurable
    protocols

    Syslog, Registration, Quarantine, Log &


    TCP/443
    FortiAP-S Report

    CAPWAP UDP/5246-5247

    Policy Authentication through Captive Portal TCP/1000


    FortiAuthenticator
    RADIUS Disconnect TCP/1700

    UDP/500, UDP/4500 Yes


    Remote IPsec VPN
    ESP (IP 50)

    Remote SSL VPN TCP/443 Yes


    FortiClient
    Remote SSL VPN when DTLS enabled UDP/443 Yes

    SSO Mobility Agent, FSSO TCP/8001

    Compliance and Security Fabric TCP/8013 Yes

    Control channel UDP/5246 Yes


    FortiExtender
    Data channel UDP/25246 Yes

    ETH Layer 0x8890,


    HA Heartbeat
    0x8891, 0x8893

    TCP/703
    HA Synchronization
    UDP/703

    TCP/22, TCP/80,
    Yes
    Administrator Access TCP/443

    ICMP
    FortiGate
    UDP/500, UDP/4500 Yes
    IPsec VPN
    ESP (IP 50)

    IPsec VPN Forward Error Correction UDP/50000

    Unicast Heartbeat for Azure UDP/730

    DNS for Azure UDP/53

    Security Fabric UDP/8014

    FortiOS 7.0 Ports 01-700-723840-20211118


    Fortinet Technologies Inc. 1
    Incoming ports

    Ports and
    Product Purpose Configurable
    protocols

    FortiGuard IPv4 FGFM tunnel TCP/541

    IPv6 FGFM tunnel TCP/542

    IPv4 FGFM tunnel TCP/541


    FortiManager
    IPv6 FGFM tunnel TCP/542

    FortiPortal API for communication (FortiOS REST API) TCP/443

    Approve/deny response from FortiToken


    FortiToken Mobile TCP/4433 Yes
    Mobile

    FSSO server FSSO TCP/8001 Yes

    TCP/22, TCP/80,
    Yes
    Administrator Access (SSH, HTTPS, HTTP) TCP/443

    ICMP

    TCP/443, TCP/8008,
    Policy Override Authentication
    TCP/8010
    Others
    Policy Override Keepalive TCP/1000, TCP/1003

    SSL VPN TCP/443 Yes

    ACME service TCP/80, TCP/443

    AeroScout Vendor port UDP/1144

    External captive portal authentication with


    UDP/2000
    FortiAP in bridge mode

    RADIUS DAS feature - RFC 5176 UDP/3799

    Enabling some services will cause additional standard ports to open as the protocol
    necessitates. For example, enabling BGP will open TCP port 179. See View open and in use
    ports for more information.

    FortiOS 7.0 Ports 2


    Fortinet Technologies Inc.
    Outgoing Ports

    Product Purpose Ports and protocols Configurable

    Syslog, OFTP, Registration, Quarantine, Log


    FortiAnalyzer TCP/514
    & Report

    FortiAP CAPWAP UDP/5246-5247

    TCP/389
    LDAP, PKI Authentication
    UDP/389

    RADIUS UDP/1812

    FSSO TCP/8000
    FortiAuthenticator
    RADIUS Accounting UDP/1813

    SCEP TCP/80, TCP/443

    CRL Download TCP/80

    External Captive Portal TCP/443

    UDP/5246,
    FortiExtender Data port Yes
    UDP/25246

    ETH Layer 0x8890,


    HA Heartbeat
    0x8891, 0x8893

    TCP/703
    HA Synchronization
    UDP/703

    FortiGate UDP/500, UDP/4500 Yes


    IPsec VPN
    ESP (IP 50)

    IPsec VPN Forward Error Correction UDP/50000

    Unicast Heartbeat for Azure UDP/730

    DNS for Azure UDP/53

    Registration, Quarantine, Log & Report,


    TCP/443
    Syslog, Contract Validation
    FortiGate Cloud
    OFTP TCP/514

    Management TCP/541

    FortiOS 7.0 Ports 3


    Fortinet Technologies Inc.
    Outgoing Ports

    Product Purpose Ports and protocols Configurable

    AV/IPS update TCP/443, TCP/8890

    Cloud Application Database TCP/9582

    UDP/53, UDP/8888
    FortiGuard Queries TCP/53, TCP/443,
    TCP/8888

    DNS UDP/53, UDP/8888

    Registration TCP/80

    Alert Email, Virus sample TCP/25

    Management, Firmware, SMS, Licensing,


    FortiGuard TCP/443
    Policy Override

    Central Management, Analysis TCP/541

    IPv4 FGFM tunnel TCP/541

    IPv6 FGFM tunnel TCP/542

    Secure DNS filter TCP/53, TCP/853

    IPAM Service TCP/443

    IoT Service TCP/443

    FortiDDNS TCP/443 Yes

    FortiGuard persistent connection for updates


    TCP/443
    (2U and VM models only)

    IPv4 FGFM management TCP/541

    IPv6 FGFM management TCP/542

    Log & Report TCP/514


    FortiManager UDP/53, UDP/8888
    AntiSpam, WebFilter queries
    TCP/8888

    Registration for license validation and UTM


    TCP/443, TCP/8890
    updates (AV, IPS)

    FortiSandbox OFTP TCP/514

    FortiSwitch FortiLink UDP/5246-5247 Yes

    Two factor authentication request to


    FortiToken Cloud TCP/8686
    FortiToken Cloud (ftc.fortinet.com)

    FortiOS 7.0 Ports 4


    Fortinet Technologies Inc.
    Outgoing Ports

    Product Purpose Ports and protocols Configurable

    Two factor request to push proxy


    TCP/443
    FortiToken Mobile (push.fortinet.com)

    Using FAC, the request is sent to FAC UDP/1812

    FSSO FSSO TCP/8001 Yes

    email notification TCP/465 Yes

    Others netflow collector UDP/2055 Yes

    sflow collector UDP/6343 Yes

    FortiOS 7.0 Ports 5


    Fortinet Technologies Inc.
    Change Log

    Date Change Description

    2021-06-07 Initial release.

    2021-06-24 Added incoming FortiManager ports and updated outgoing FortiGuard ports.

    2021-08-13 Added incoming FortiGate Security Fabric and outgoing FortiGate IPsec ports.

    2021-09-17 Added incoming FortiExtender ports.

    2021-11-18 Updated incoming ports.

    FortiOS 7.0 Ports 6


    Fortinet Technologies Inc.

    You might also like