Appendix A - Port Numbers
The following tables describe the port numbers that FortiAnalyzer uses:
- ports for traffic originating from units (outbound ports)
- ports for traffic receivable by units (listening ports)
- ports used to connect to the FortiGuard Distribution Network (FDN)
Traffic varies by enabled options and configured ports. Only default ports are listed.
Functionality |
Port(s) |
---|---|
DNS lookup |
UDP 53 |
FDN connection |
TCP 443 |
NTP synchronization |
UDP 123 |
SNMP traps |
UDP 162 |
Syslog, log forwarding |
UDP 514 If a secure connection is configured between FortiGate and FortiAnalyzer, syslog traffic is sent into an IPsec tunnel. Data is exchanged over UDP 500/4500, Protocol IP/50. |
Log and report upload |
TCP 21 or TCP 22 |
SMTP alert email |
TCP 25 |
User name LDAP queries for reports |
TCP 389 or TCP 636 |
RADIUS authentication |
TCP 1812 |
TACACS+ authentication |
TCP 49 |
Log aggregation client |
TCP 3000 |
Device registration of FortiGate or FortiManager Remote access to quarantine, logs, and reports from FortiGate Remote management from FortiManager (configuration retrieval) (OFTP) |
TCP 514 |
EMS for Chromebooks logging |
TCP 8443 |
FortiAnalyzer listening ports
Functionality |
Port(s) |
---|---|
SNMP query |
UDP 161 |
Syslog, log forwarding |
UDP 514 If a secure connection is configured between FortiGate and FortiAnalyzer, syslog traffic is sent into an IPsec tunnel. Data is exchanged over UDP 500/4500, Protocol IP/50. |
SSH administrative access to the CLI |
TCP 22 |
Telnet administrative access to the CLI |
TCP 23 |
HTTP administrative access to the GUI |
TCP 80 |
HTTPS administrative access to the GUI Remote management from FortiManager |
TCP 443 |
Device registration of FortiGate or FortiManager Receive log file uploading from FortiClient Remote access to quarantine, logs, and reports from FortiGate Remote management from FortiManager (configuration retrieval) (OFTP) |
TCP 514 |
Interface access by FortiManager |
TCP 541 |
HTTP or HTTPS administrative access to the GUI’s CLI dashboard widget–using the same protocol used by the administrator when logging in to the GUI. |
TCP 2032 |
Log aggregation server (requires model FortiAnalyzer 800 series or higher). |
TCP 3000 |
Web Service |
TCP 8080 |
Ping |
ICMP protocol |