Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kcapecchi
Staff
Staff

Created on ‎11-21-2016 07:27 AM

Article Id 196882

Technical Note: Port 80 usage for communication between FortiGate and FortiManager

Description
A FortiGate will communicate with all three ports on boot up, this is regardless of the port configuration on the FortiGate.

For example on boot up where 172.18.26.177 is the FortiGate:

143.602806 port1 in 172.18.26.177.5726 -> 172.18.26.174.8888: udp 64
146.612038 port1 in 172.18.26.177.5726 -> 172.18.26.174.8888: udp 64
149.622961 port1 in 172.18.26.177.5726 -> 172.18.26.174.8888: udp 64
152.634100 port1 in 172.18.26.177.5726 -> 172.18.26.174.53: udp 64
155.655109 port1 in 172.18.26.177.5726 -> 172.18.26.174.53: udp 64
158.665905 port1 in 172.18.26.177.5726 -> 172.18.26.174.53: udp 64
161.677046 port1 in 172.18.26.177.8020 -> 172.18.26.174.80: syn 2681082966
161.677107 port1 out 172.18.26.174.80 -> 172.18.26.177.8020: syn 1913883466 ack 2681082967
161.677742 port1 in 172.18.26.177.8020 -> 172.18.26.174.80: ack 1913883467
161.677836 port1 in 172.18.26.177.8020 -> 172.18.26.174.80: psh 2681082967 ack 1913883467
161.677863 port1 out 172.18.26.174.80 -> 172.18.26.177.8020: ack 2681083137
161.679842 lo in ::1.44103 -> ::1.8888: udp 64
161.709291 lo in ::1.8888 -> ::1.44103: udp 40
161.709391 port1 out 172.18.26.174.80 -> 172.18.26.177.8020: psh 1913883467 ack 2681083137
161.709879 port1 in 172.18.26.177.8020 -> 172.18.26.174.80: ack 1913883546
161.709916 port1 in 172.18.26.177.8020 -> 172.18.26.174.80: fin 2681083137 ack 1913883546
161.710747 port1 in 172.18.26.177.22944 -> 172.18.26.174.8888: udp 64
161.748822 port1 out 172.18.26.174.80 -> 172.18.26.177.8020: ack 2681083138
162.709001 port1 out 172.18.26.174.80 -> 172.18.26.177.8020: fin 1913883546 ack 2681083138
162.709797 port1 in 172.18.26.177.8020 -> 172.18.26.174.80: ack 1913883547
164.719514 port1 in 172.18.26.177.22944 -> 172.18.26.174.8888: udp 64

This is health check traffic.

The FortiGate sends out traffic to port 80 (TCP) and port 53/8888 (UDP) to detect if the service is available on these ports on the server side, and the GUI will display the detect result.

847
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.