FortiGate Open Ports

Incoming Ports

| | Purpose | Protocol/Port |
|---|---|---|
| FortiAP-S | Syslog, OFTP, Registration, Quarantine, Log & Report | TCP/443 |
| | CAPWAP | UDP/5246, UDP/5247 |
| FortiAuthenticator | RADIUS | UDP/1812 |
| | FSSO | TCP/8000 |
| FortiGate | HA Heartbeat | TCP/703, TCP/23, or ETH Layer 2/8890 |
| FortiGuard | Management | TCP/541 |
| | AV/IPS | UDP/9443 |
| FortiManager | AV/IPS Push | UDP/9443 |
| | SSH CLI Management | TCP/22 |
| | Management | TCP/541 |
| | SNMP Poll | UDP/161, UDP/162 |
| | FortiGuard Queries | TCP/443 |
| Others | Web Admin | TCP/80, TCP/443 |
| | FSSO | TCP/8000 |
| | Policy Override Authentication | TCP/443, TCP/8008 |
| | FortiClient Portal | TCP/8009 |
| | Policy Override Keepalive | TCP/1000, TCP/1003 |
| | SSL VPN | TCP/10443 |
| 3rd-Party Servers | FSSO | TCP/8000 |

Outgoing Ports

| | Purpose | Protocol/Port |
|---|---|---|
| FortiAnalyzer | Syslog, OFTP, Registration, Quarantine, Log & Report | TCP/514 |
| | IPsec Secure SNMP | UDP/500, UDP/4500 |
| FortiAuthenticator | LDAP, PKI Authentication | TCP or UDP/389 |
| FortiCloud | Registration, Quarantine, Log & Report, Syslog | TCP/443 |
| | OFTP | TCP/514 |
| | Management | TCP/541 |
| | Contract Validation | TCP/10151 |
| FortiGate | HA Heartbeat | TCP/703, TCP/23, or ETH Layer 2/8890 |
| FortiGuard | AV/IPS Update | TCP/443, TCP/8890 |
| | Cloud App DB | TCP/9582 |
| | FortiGuard Queries | UDP/53, UDP/8888 |
| | DNS | UDP/53, UDP/8888 |
| | Registration | TCP/80 |
| | Alert Email, Virus Sample | TCP/25 |
| | Management, Firmware, SMS, FTM, Licensing, Policy Override | TCP/443 |
| | Central Management, Analysis | TCP/541 |
| FortiManager | Management | TCP/541 |
| | IPv6 | TCP/542 |
| | Log & Report | TCP or UDP/514 |
| | Secure SNMP | UDP/161, UDP/162 |
| | FortiGuard Queries | TCP/8890, UDP/53 |
| FortiSandbox | OFTP | TCP/514 |

Incoming Ports

| | Purpose | Protocol/Port |
|---|---|---|
| FortiAP-S | Syslog, OFTP, Registration, Quarantine, Log & Report | TCP/514 |
| | Event Logs | UDP/5246 |
| FortiClient | Syslog | UDP/514 |
| FortiMail | Syslog | UDP/514 |
| FortiManager | Syslog & OFTP | TCP/514, UDP/514 |
| | Registration | TCP/541 |
| Others | SSH CLI Management | TCP/22 |
| | Web Admin | TCP/80, TCP/443 |
| | REST | TCP/443 |
| | Polling | TCP/445 |
| | Log Agg | TCP/3000 |
| | MySQL | TCP/3306 |


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “FortiGate Open Ports”

  1. hosam

    Hi,
    I have a FortiGate 300D. I tried to open ports 80, 22, and 3306 for an external IP. The 3306 port did not open,
    but 80 and 22 opened. Can anyone help?
