Incoming ports
The following table identifies the incoming ports for FortiManager and how the ports interact with other products:
|
Product |
Purpose |
Protocol and Port |
|---|---|---|
|
FortiGate
|
IPv4 FGFM management |
TCP/541 |
|
IPv6 FGFM management |
TCP/542 |
|
|
WebFilter queries, AV & IPS updates* |
UDP/53, UDP/8888 |
|
|
TCP/80, TCP/8888 |
||
|
Antispam* |
TCP/8889 |
|
|
UDP/8889 |
||
|
FortiGuard and FortiClient Web Filter and Email Filter* |
TCP/8900 |
|
|
Registration for license validation and UTM updates (AV, IPS)* |
TCP/8890, TCP/443 |
|
|
Logging (all Fortinet products) |
OFTP |
TCP/514 |
|
FortiManager
|
HA |
TCP/5199 |
|
Log aggregation server (requires FortiManager 800 series or higher) |
TCP/300 |
|
|
File query/AntiVirus query service** |
TCP/8900 |
|
|
Cascade mode for FortiClient AV packages update |
TCP/8891 |
|
|
GeoIP service** |
TCP/8900 |
|
|
FortiGuard and FortiClient Web Filter and Email Filter* |
TCP/8900 |
|
|
Non-Fortinet products |
Syslog |
UDP/514, TCP/514 |
|
Chromebook |
Logging |
TCP/8443 |
|
Management
|
Ping |
ICMP |
|
SSH |
TCP/22 |
|
|
HTTP |
TCP/80 |
|
|
HTTPS |
TCP/443 |
|
|
Web Service (SOAP/XML API) |
TCP/8080 |
|
|
JSON API (HTTPS/HTTP respectively) |
TCP/443, TCP/80 |
|
|
SNMP query |
UDP/161 |
|
|
Remote access to FortiOS GUI from FortiManager*** |
TCP/8082 |
|
|
FortiGuard |
AV and IPS push updates |
UDP/9443 |
* Applies only when FortiManager is acting as a local FortiGuard server.
** In FortiManager 7.4.0, File query/AntiVirus query service uses TCP/8902 and GeoIP service uses TCP/8903.
*** The remote access to FortiOS GUI feature is available in FortiManager 7.4.2 and later.