Functionality | Ports |
DNS lookup; RBL lookup | UDP 53 |
FortiGuard Antispam rating lookup | UDP 53, 8888, 8889 |
NTP synchronization | UDP 123 |
SNMP traps | UDP 162 |
Syslog | UDP 514 |
Remote email archive storage to FTP or SFTP server | TCP 21 or TCP 22 |
SMTP email relay or delivery; SMTP authentication; SMTP recipient verification; SMTP alert email | TCP 25 |
Dynamic DNS updates; HA web service monitoring | TCP 80 |
POP3 authentication; HA POP3 service monitoring | TCP 110 |
IMAP authentication; HA IMAP service monitoring | TCP 143 |
LDAP authentication and queries | TCP 389 or TCP 636 |
FortiGuard Antivirus or FortiGuard Antispam update | TCP 443 |
SMTPS email relay or delivery | TCP 465 |
RADIUS authentication | TCP 1812 |
HA heartbeat | UDP 20000 |
HA control | UDP 20001 |
HA configuration synchronization | TCP 20002 |
HA data synchronization | TCP 20003 |
Remote mail data storage on an NFS NAS; mail data backup to NFS NAS | TCP 2049 |
Remote mail data storage on an iSCSI NAS; mail data backup to iSCSI NAS | TCP 3260 |
Mail data backup to SMB/Windows server | TCP 445 |
Mail data backup to SSH file system | TCP 22 |
Functionality | Ports |
Note: When operating in the default configuration, FortiMail units do not accept TCP or UDP connections on any port except the port1 and port2 network interfaces, which accept ICMP pings, HTTPS connections on TCP port 443, and SSH connections on TCP port 22. | |
SNMP poll | UDP 161 |
FortiGuard Antivirus push update The FDN sends notice that an update is available. Update downloads then occur on standard originating ports for updates. | UDP 9443 |
SSH administrative access to the CLI | TCP 22 |
Telnet administrative access to the CLI | TCP 23 |
SMTP email relay; SMTP email delivery (server mode only); HA SMTP service monitoring | TCP 25 |
HTTP administrative access to the web UI; HA web service monitoring; webmail and per-recipient quarantine access for email users | TCP 80 |
POP3 email retrieval (server mode only); POP3 email quarantine retrieval (gateway mode and transparent mode only); HA POP3 service monitoring | TCP 110 |
IMAP email retrieval (server mode only); HA IMAP service monitoring | TCP 143 |
HTTPS administrative access to the web UI; webmail and per-recipient quarantine access for email users | TCP 443 |
LDAP addressbook access | TCP 389 or TCP 636 |
SMTPS email relay; SMTPS email delivery (server mode only) | TCP 465 |
SMTP MSA service | TCP 587 |
IMAPS email retrieval (server mode only) | TCP 993 |
POP3S email retrieval (server mode only) | TCP 995 |
HA heartbeat | UDP 20000 |
HA control | UDP 20001 |
HA configuration synchronization | TCP 20002 |
HA data synchronization | TCP 20003 |
Functionality | Ports |
Note: FortiMail communicates with the Fortinet Distribution Network (FDN) to receive updates or use FortiGuard services. | |
FortiGuard Antispam rating queries | UDP 53, 8888, 8889 |
FortiGuard Antivirus push update The FDN sends notice that an update is available. Update downloads then occur on standard originating ports for updates. | UDP 9443 |
FortiGuard Antispam or FortiGuard Antivirus updates | TCP 443 |