FortiGate Open Ports

| Incoming Ports | Purpose | Protocol/Port |
|---|---|---|
| FortiAP-S | Syslog, OFTP, Registration, Quarantine, Log & Report | TCP/443 |
| | CAPWAP | UDP/5246, UDP/5247 |
| FortiAuthenticator | RADIUS | UDP/1812 |
| | FSSO | TCP/8000 |
| FortiGate | HA Heartbeat | TCP/703, TCP/23, or ETH Layer 2/8890 |
| FortiGuard | Management | TCP/541 |
| | AV/IPS | UDP/9443 |
| FortiManager | AV/IPS Push | UDP/9443 |
| | SSH CLI Management | TCP/22 |
| | Management | TCP/541 |
| | SNMP Poll | UDP/161, UDP/162 |
| | FortiGuard Queries | TCP/443 |
| Others | Web Admin | TCP/80, TCP/443 |
| | FSSO | TCP/8000 |
| | Policy Override Authentication | TCP/443, TCP/8008 |
| | FortiClient Portal | TCP/8009 |
| | Policy Override Keepalive | TCP/1000, TCP/1003 |
| | SSL VPN | TCP/10443 |
| 3rd-Party Servers | FSSO | TCP/8000 |


| Outgoing Ports | Purpose | Protocol/Port |
|---|---|---|
| FortiAnalyzer | Syslog, OFTP, Registration, Quarantine, Log & Report | TCP/514 |
| | IPsec Secure SNMP | UDP/500, UDP/4500 |
| FortiAuthenticator | LDAP, PKI Authentication | TCP or UDP/389 |
| FortiCloud | Registration, Quarantine, Log & Report, Syslog | TCP/443 |
| | OFTP | TCP/514 |
| | Management | TCP/541 |
| | Contract Validation | TCP/10151 |
| FortiGate | HA Heartbeat | TCP/703, TCP/23, or ETH Layer 2/8890 |
| FortiGuard | AV/IPS Update | TCP/443, TCP/8890 |
| | Cloud App DB | TCP/9582 |
| | FortiGuard Queries | UDP/53, UDP/8888 |
| | DNS | UDP/53, UDP/8888 |
| | Registration | TCP/80 |
| | Alert Email, Virus Sample | TCP/25 |
| | Management, Firmware, SMS, FTM, Licensing, Policy Override | TCP/443 |
| | Central Management, Analysis | TCP/541 |
| FortiManager | Management | TCP/541 |
| | IPv6 | TCP/542 |
| | Log & Report | TCP or UDP/514 |
| | Secure SNMP | UDP/161, UDP/162 |
| | FortiGuard Queries | TCP/8890, UDP/53 |
| FortiSandbox | OFTP | TCP/514 |


| Incoming Ports | Purpose | Protocol/Port |
|---|---|---|
| FortiAP-S | Syslog, OFTP, Registration, Quarantine, Log & Report | TCP/514 |
| | Event Logs | UDP/5246 |
| FortiClient | Syslog | UDP/514 |
| FortiMail | Syslog | UDP/514 |
| FortiManager | Syslog & OFTP | TCP/514, UDP/514 |
| | Registration | TCP/541 |
| Others | SSH CLI Management | TCP/22 |
| | Web Admin | TCP/80, TCP/443 |
| | REST | TCP/443 |
| | Polling | TCP/445 |
| | Logg Agg | TCP/3000 |
| | MySQL | TCP/3306 |


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “FortiGate Open Ports”

  1. hosam

    Hi,
    I have a FortiGate 300D. I tried to open ports 80, 22 and 3306 for an external IP. Port 3306 did not open,
    but 80 and 22 opened. Can anyone help?
