In the TCP and UDP stacks, there are 65 535 ports available for applications to use when communicating with each other. Many of these ports are commonly known to be associated with specific applications or protocols. These known ports can be useful when troubleshooting your network.
Use the following ports while troubleshooting the FortiGate device:
UDP 53 DNS lookup, RBL lookup
UDP 53 or UDP 8888 FortiGuard Antispam or Web Filtering rating lookup
UDP 53 (default) or UDP 8888 and UDP 1027 or UDP 1031
FDN Server List – source and destination port numbers vary by originating or reply traffic. See the article “How do I troubleshoot performance issues when FortiGuard Web Filtering is enabled?” in the Knowledge Base.
UDP 123 NTP Synchronization
UDP 162 SNMP Traps
SYSLOG – All FortiOS versions can use syslog to send log messages to remote syslog servers. FortiOS v2.80 and v3.0 can also view logs stored remotely on a FortiAnalyzer unit.
TCP 22 Configuration backup to FortiManager unit or FortiGuard Analysis and Man- agement Service.
TCP 25 SMTP alert email, encrypted virus sample auto-submit
TCP 389 or TCP 636 LDAP or PKI authentication
FortiGuard Antivirus or IPS update – When requesting updates from a FortiManager unit instead of directly from the FDN, this port must be recon- figured as TCP 8890.
TCP 443 FortiGuard Analysis and Management Service
TCP 514 FortiGuard Analysis and Management Service log transmission (OFTP)
TCP 541 SSL Management Tunnel to FortiGuard Analysis and Management Service
(FortiOS v3.0 MR6 or later)
TCP 514 Quarantine, remote access to logs and reports on a FortiAnalyzer unit, device registration with FortiAnalyzer units (OFTP)
TCP 1812 RADIUS authentication
TCP 8000 and TCP 8002 FSSO
TCP 10151 FortiGuard Analysis and Management Service contract validation
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!