Appendix D: Port Numbers
 
Appendix D: Port Numbers
Port Numbers
The following tables describe the port numbers that the FortiAnalyzer unit uses:
ports for traffic originating from units (outbound ports)
ports for traffic receivable by units (listening ports)
ports used to connect to the FortiGuard Distribution Network (FDN ports)
Traffic varies by enabled options and configured ports. Only default ports are listed.
Table 36: FortiAnalyzer outbound ports 
Functionality
Port(s)
DNS lookup
UDP 53
NTP synchronization
UDP 123
Windows share
UDP 137-138
SNMP traps
UDP 162
Syslog, log forwarding
 
UDP 514
Note: If a secure connection has been configured between a FortiGate and a FortiAnalyzer, syslog traffic will be sent into an IPsec tunnel. Data will be exchanged over UDP 500/4500, Protocol IP/50.
Log and report upload
TCP 21 or TCP 22
SMTP alert email
TCP 25
User name LDAP queries for reports
TCP 389 or TCP 636
Vulnerability Management updates
TCP 443
RADIUS authentication
TCP 1812
TACACS+ authentication
TCP 49
Log aggregation client
TCP 3000
Device registration of FortiGate or FortiManager units; remote access to quarantine, logs & reports from a FortiGate unit; remote management from a FortiManager unit (configuration retrieval) (OFTP)
TCP 514
Table 37: FortiAnalyzer listening ports
Functionality
Port(s)
Windows share
UDP 137-139 and TCP 445
Syslog, log forwarding
 
UDP 514
Note: If a secure connection has been configured between a FortiGate and a FortiAnalyzer, syslog traffic will be sent into an IPsec tunnel. Data will be exchanged over UDP 500/4500, Protocol IP/50.
SSH administrative access to the CLI
TCP 22
Telnet administrative access to the CLI
TCP 23
HTTP administrative access to the Web-based Manager
TCP 80
HTTPS administrative access to the Web-based Manager; remote management from a FortiManager unit
TCP 443
Device registration of FortiGate or FortiManager units; remote access to quarantine, logs & reports from a FortiGate unit; remote management from a FortiManager unit (configuration retrieval) (OFTP)
TCP 514
NFS share
TCP 2049
HTTP or HTTPS administrative access to the Web-based Manager's CLI dashboard widget.
Protocol used will match the protocol used by the administrator when logging in to the Web-based Manager.
TCP 2032
Log aggregation server
Log aggregation server support requires model FortiAnalyzer-800 or greater.
TCP 3000
Remote management from a FortiManager unit (configuration installation)
TCP 8080
Remote MySQL database connection
TCP 3306
Table 38: FortiAnalyzer FDN ports
Functionality
Port(s)
Vulnerability Management updates
TCP 443