Appendix A - Port Numbers

The following tables describe the port numbers that FortiAnalyzer uses:

  • ports for traffic originating from units (outbound ports)
  • ports for traffic receivable by units (listening ports)
  • ports used to connect to the FortiGuard Distribution Network (FDN)

Traffic varies by enabled options and configured ports. Only default ports are listed.

Functionality

Port(s)

DNS lookup

UDP 53

FDN connection

TCP 443

NTP synchronization

UDP 123

SNMP traps

UDP 162

Syslog, log forwarding

UDP 514

If a secure connection is configured between FortiGate and FortiAnalyzer, syslog traffic is sent into an IPsec tunnel. Data is exchanged over UDP 500/4500, Protocol IP/50.

Log and report upload

TCP 21 or TCP 22

SMTP alert email

TCP 25

User name LDAP queries for reports

TCP 389 or TCP 636

RADIUS authentication

TCP 1812

TACACS+ authentication

TCP 49

Log aggregation client

TCP 3000

Device registration of FortiGate or FortiManager

Remote access to quarantine, logs, and reports from FortiGate

Remote management from FortiManager (configuration retrieval) (OFTP)

TCP 514

EMS for Chromebooks logging

TCP 8443

FortiAnalyzer listening ports

Functionality

Port(s)

SNMP query

UDP 161

Syslog, log forwarding

UDP 514

If a secure connection is configured between FortiGate and FortiAnalyzer, syslog traffic is sent into an IPsec tunnel. Data is exchanged over UDP 500/4500, Protocol IP/50.

SSH administrative access to the CLI

TCP 22

Telnet administrative access to the CLI

TCP 23

HTTP administrative access to the GUI

TCP 80

HTTPS administrative access to the GUI

Remote management from FortiManager

TCP 443

Device registration of FortiGate or FortiManager

Receive log file uploading from FortiClient

Remote access to quarantine, logs, and reports from FortiGate

Remote management from FortiManager (configuration retrieval) (OFTP)

TCP 514

Interface access by FortiManager

TCP 541

HTTP or HTTPS administrative access to the GUI’s CLI dashboard widget–using the same protocol used by the administrator when logging in to the GUI.

TCP 2032

Log aggregation server (requires model FortiAnalyzer 800 series or higher).

TCP 3000

Web Service

TCP 8080

Ping

ICMP protocol