FortiClient open ports
The following diagrams and tables show the distinct communications for each FortiClient product.
FortiClient
| Outgoing ports | ||
|---|---|---|
| Purpose | Protocol/Port | |
| FortiAnalyzer | Send logs to FortiAnalyzer (FortiClient must connect to FortiGate or EMS to send logs to FortiAnalyzer) |
TCP/514 |
| FortiAuthenticator | SSO Mobility Agent, FSSO | TCP/8001 |
| FortiClient EMS | Endpoint management | TCP/8013 |
| Upload logs and diagnostics to EMS server | TCP/8014 | |
| FortiGate | Remote IPsec VPN access | UDP/IKE 500, ESP (IP 50), NAT-T 4500 |
| Remote SSL VPN access | TCP/443 (by default; this port can be customized) | |
| SSO Mobility Agent, FSSO | TCP/8001 | |
| Compliance and Security Fabric | TCP/8013 (by default; this port can be customized) | |
| FortiGuard | AV/VUL signatures update, Cloud-based behavior scan (CBBS)/applications that use cloud services | TCP/80 |
| Virus submission (SMTP/FortiGuard) | TCP/25 | |
| URL rating |
UDP/8888 (by default; this port can be changed to port 53 by entering fgd1.fortigate.com:53 via the XML config file) |
|
| FortiManager | Select a FortiManager to be used for FortiClient signature updates | TCP/80 (by default; this port can be customized) |
| Send logs to FortiManager (FortiClient must connect to FortiGate or EMS to send logs to FortiManager) | TCP/514 | |
| FortiSandbox | File analysis | TCP/514 |
| Syslog server | Send logs to syslog server | UDP/514 |
FortiClient EMS
| Incoming ports | ||
|---|---|---|
| Purpose | Protocol/Port | |
| FortiClient | Endpoint management | TCP/8013 (by default; this port can be customized) |
| Upload logs and diagnostics to EMS server | TCP/8014 | |
| Download FortiClient installer created by EMS server | TCP/10443 | |
| Apache server/HTTPS | Web access to EMS | TCP/443 |
| Outgoing ports | ||
|---|---|---|
| Purpose | Protocol/Port | |
| FortiGuard | FortiClient EMS AV/VUL/APP version updates | TCP/80 |
| Samba (SMB) service | EMS uses SMB during FortiClient deployment | TCP/445 |
| SMTP server/email | EMS and endpoint alerts | TCP/25 |
| AD server | Retrieving workstation and user information | TCP/389 or TCP/636 (for LDAP or LDAPS respectively) |
| Others | EMS server uses Distributed Computing Environment/Remote Procedure Calls (DCE/RPC) for FortiClient deployment | TCP/135 |
FortiClient for Chromebook
| Outgoing ports | ||
|---|---|---|
| Purpose | Protocol/Port | |
| FortiAnalyzer | Send logs to FortiAnalyzer | TCP/8443 |
| FortiClient EMS | Connect to EMS Chromebook profile server | TCP/8443 |
| FortiGuard | URL rating | TCP/443, TCP/3400 |
FortiClient EMS for Chromebook
| Incoming ports | ||
|---|---|---|
| Purpose | Protocol/Port | |
| FortiClient for Chromebook | Connection to EMS | TCP/8443 |
| Apache server/HTTPS | Web access to EMS | TCP/443 |
| Outgoing ports | ||
|---|---|---|
| Purpose | Protocol/Port | |
| SMTP server/email | EMS and endpoint alerts | TCP/25 |
| Others | G Suite API calls for Google domain information | TCP/443 |
Copyright © 2022 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy
