Inbound.
UDP/8002 – DC Agent keepalive and push of logon information to the Collector Agent
TCP/8001 – FortiGate to FSSO Collector Agent connection (SSL)
TCP/8000 – FortiGate to FSSO Collector Agent connection
TCP/8000 – NTLM
Outbound.
TCP/135, TCP/139, UDP/137 – Workstation check, polling mode (fallback method)
TCP/445 – Remote access to logon events, workstation check (remote registry)
TCP/389 – Group lookup using LDAP
TCP/636 – Group lookup using LDAPS
TCP/3268 – Group lookup using LDAP with global catalog
TCP/3269 – Group lookup using LDAPS with global catalog
UDP/53 – DNS for resolving the hostnames found in logon events
Be sure to allow inbound connections to the FSSO Collector Agent through the integrated Windows Firewall.
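One way to open only the inbound ports listed above on the Collector Agent host and confirm the agent is listening on them, as an added PowerShell example that is not from the original article or from Fortinet; the FortiGate address, the DC Agent subnet and the rule names are assumed placeholders.

```powershell
# Added example (not from the original article): create scoped Windows Firewall
# rules for the FSSO Collector Agent inbound ports and verify the listeners.
# The addresses below are constructed placeholders; replace them for your site.
$FortiGateIP = '192.0.2.10'      # assumed: FortiGate that connects to the Collector Agent
$DcSubnet    = '192.0.2.0/24'    # assumed: subnet of the domain controllers running DC Agent
$Group       = 'FSSO Collector Agent'

# FortiGate -> Collector Agent: TCP/8000 (plain and NTLM) and TCP/8001 (SSL).
# Restricting RemoteAddress to the FortiGate keeps the ports closed to everyone else.
New-NetFirewallRule -DisplayName 'FSSO CA - FortiGate TCP 8000-8001' -Group $Group `
    -Direction Inbound -Protocol TCP -LocalPort 8000,8001 `
    -RemoteAddress $FortiGateIP -Action Allow -Profile Domain

# DC Agent -> Collector Agent: UDP/8002 keepalive and logon push, from the DCs only.
New-NetFirewallRule -DisplayName 'FSSO CA - DC Agent UDP 8002' -Group $Group `
    -Direction Inbound -Protocol UDP -LocalPort 8002 `
    -RemoteAddress $DcSubnet -Action Allow -Profile Domain

# Review the rules that were just created (protocol and port per rule).
Get-NetFirewallRule -Group $Group | Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort

# Confirm the Collector Agent service is actually bound to the expected ports;
# an allowed port with no listener still fails the FortiGate connection test.
Get-NetTCPConnection -State Listen -LocalPort 8000,8001 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
Get-NetUDPEndpoint -LocalPort 8002 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Run it in an elevated PowerShell session on the Collector Agent host; if the listener queries return nothing, check the Collector Agent service before troubleshooting the firewall.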
To test the connection from a FortiGate, run the following commands.