FortiManager Open Ports FortiGuard Open Ports FortiAnalyzer Open Ports FortiManager Open Ports FortiGuard Open Ports

FortiMail open ports

note icon

When operating in its default configuration, FortiMail does not accept TCP or UDP connections on any port except port1 and port2 network interfaces, which accept:

  • ICMP pings,
  • HTTPS connections on TCP/443,
  • and SSH connections on TCP/22.
Incoming ports
Purpose Protocol/Port
Admin by Console or PC SSH, Telnet, HTTP, SSH, Console TCP/443 or TCP/80 or TCP/22 or TCP/23
Email Client Quarantine View/Retrieve TCP/80 or TCP/443 or TCP/110
SMTP or SMTPS TCP/25 or TCP/465
POP3 or POP3S TCP/110 or TCP/995 (server mode only)
IMAP or IMAPS TCP/143 or TCP/993 (server mode only)
WebDAV and CalDAV TCP/8008
FortiMail Base port for HA heartbeat signal UDP/20000
Synchronization control UDP/20001
File synchronization TCP/20002
Data synchronization TCP/20003
Checksum synchronization TCP/20004
HA service monitoring (remote SMTP) TCP/25
HA service monitoring (remote HTTP) TCP/80
HA service monitoring (remote POP3) TCP/110
HA service monitoring (remote IMAP) TCP/143
Clear Text Central Quarantine TCP/514
SSL Central Quarantine TCP/6514
FortiManager SNMP Poll TCP/161
AV Push  
FortiGuard AV Push UDP/9443
External Email Server SMTP or SMTPS TCP/25 or 465
Storage: iSCI, NFS TCP/3260 (iSCI), TCP/2049 (NFS)
Config Backup SFTP / FTP
Mail Data Backup NFS, SMB/CIFS, SSH, external USB (direct connected), iSCSI
Protected Email Server SMTP or SMTPS TCP/25 or 465

 

Outgoing ports
Purpose Protocol/Port
FortiAnalyzer OFTP UDP/514
FortiManager SNMP Traps UDP/162
AV/AS Query  
FortiGuard AS Rating UDP/53 or 8888, 8889
AV/AS Update TCP/443
FortiMail Base port for HA heartbeat signal UDP/20000
Synchronization control UDP/20001
File synchronization TCP/20002
Data synchronization TCP/20003
Checksum synchronization TCP/20004
HA service monitoring (remote SMTP) TCP/25
HA service monitoring (remote HTTP) TCP/80
HA service monitoring (remote POP3) TCP/110
HA service monitoring (remote IMAP) TCP/143
Clear Text Central Quarantine TCP/514
SSL Central Quarantine TCP/6514
External Email Server SMTP or SMTPS TCP/25 or TCP/465
Protected Email Server SMTP or SMTPS TCP/25 or TCP/465
POP3 Auth TCP/110
IMAP Auth TCP/143
Others Dyn DNS TCP/80 *
DNS, RBL UDP/53
NTP UDP/123
Alert Email TCP/25
LDAP or LDAPS TCP/389 or TCP/636
RADIUS Auth TCP/1812
NAS TCP/21, TCP/22, TCP/2049
OCSP (for PKI user) TCP/80, or defined by certificate
FortiSandbox / FortiSandbox Cloud Communication TCP/443, TCP/514

* - FortiMail generates outbound traffic and sends an HTTP SYN request via TCP/80. The Fortinet RSS Feed widget provides a convenient display of the latest security advisories and discovered threats from Fortinet. Also, if an email message contains a shortened URI that redirects to another URI, it would cause FortiMail to send an HTTP SYN request to the shortened URI to get the redirected URI.

note icon

Note that FortiMail uses the following URLs to access the FortiGuard Distribution Network (FDN):

  • update.fortiguard.net
  • service.fortiguard.net
  • support.fortinet.com

Furthermore, FortiMail performs these queries and updates listed below using the following ports and protocols:

  • FortiGuard Anti-Spam rating queries: UDP/53, 8888, 8889
  • FortiGuard AntiVirus Push updates: UDP/9443
  • FortiGuard Anti-Spam or AntiVirus updates: TCP/443