Appendix C: Port Numbers
Appendix C: Port Numbers
The following tables and diagram describe the port numbers that the FortiMail unit uses:
ports for traffic originating from units (outbound ports)
ports for traffic receivable by units (listening ports)
ports used to connect to the Fortinet Distribution Network (FDN ports)
Traffic varies by enabled options and configured ports. Only default ports are listed.
 
Table 57: FortiMail outbound ports
Functionality
Ports
DNS lookup; RBL lookup
UDP 53
FortiGuard Antispam rating lookup
UDP 53, 8888, 8889
NTP synchronization
UDP 123
SNMP traps
UDP 162
Syslog
UDP 514
Remote email archive storage to FTP or SFTP server
TCP 21 or TCP 22
SMTP email relay or delivery; SMTP authentication; SMTP recipient verification; SMTP alert email
TCP 25
Dynamic DNS updates; HA web service monitoring
TCP 80
POP3 authentication; HA POP3 service monitoring
TCP 110
IMAP authentication; HA IMAP service monitoring
TCP 143
LDAP authentication and queries
TCP 389 or TCP 636
FortiGuard Antivirus or FortiGuard Antispam update
TCP 443
SMTPS email relay or delivery
TCP 465
RADIUS authentication
TCP 1812
HA heartbeat
UDP 20000
HA control
UDP 20001
HA configuration synchronization
TCP 20002
HA data synchronization
TCP 20003
Remote mail data storage on an NFS NAS; mail data backup to NFS NAS
TCP 2049
Remote mail data storage on an iSCSI NAS; mail data backup to iSCSI NAS
TCP 3260
Mail data backup to SMB/Windows server
TCP 445
Mail data backup to SSH file system
TCP 22
 
 
Table 58: FortiMail listening ports
Functionality
Ports
Note: When operating in the default configuration, FortiMail units do not accept TCP or UDP connections on any port except the port1 and port2 network interfaces, which accept ICMP pings, HTTPS connections on TCP port 443, and SSH connections on TCP port 22.
SNMP poll
UDP 161
FortiGuard Antivirus push update
The FDN sends notice that an update is available. Update downloads then occur on standard originating ports for updates.
UDP 9443
SSH administrative access to the CLI
TCP 22
Telnet administrative access to the CLI
TCP 23
SMTP email relay; SMTP email delivery (server mode only); HA SMTP service monitoring
TCP 25
HTTP administrative access to the web UI; HA web service monitoring; webmail and per-recipient quarantine access for email users
TCP 80
POP3 email retrieval (server mode only); POP3 email quarantine retrieval (gateway mode and transparent mode only); HA POP3 service monitoring
TCP 110
IMAP email retrieval (server mode only); HA IMAP service monitoring
TCP 143
HTTPS administrative access to the web UI; webmail and per-recipient quarantine access for email users
TCP 443
LDAP addressbook access
TCP 389 or TCP 636
SMTPS email relay; SMTPS email delivery (server mode only)
TCP 465
SMTP MSA service
TCP 587
IMAPS email retrieval (server mode only)
TCP 993
POP3S email retrieval (server mode only)
TCP 995
HA heartbeat
UDP 20000
HA control
UDP 20001
HA configuration synchronization
TCP 20002
HA data synchronization
TCP 20003
 
 
Table 59: FortiMail FDN ports
Functionality
Ports
Note: FortiMail communicates with the Fortinet Distribution Network (FDN) to receive updates or use FortiGuard services.
FortiGuard Antispam rating queries
UDP 53, 8888, 8889
FortiGuard Antivirus push update
The FDN sends notice that an update is available. Update downloads then occur on standard originating ports for updates.
UDP 9443
FortiGuard Antispam or FortiGuard Antivirus updates
TCP 443
Figure 148: FortiMail port numbers