FortiSandbox open ports
Incoming ports | ||
---|---|---|
Purpose | Protocol/Port | |
FortiGate | OFTP | TCP/514 |
FortiClient | File analysis | TCP/514 |
Others | SSH CLI Management | TCP/22 |
Telnet CLI Management | TCP/23 | |
Web Admin | TCP/80, TCP/443 | |
OFTP Communication with FortiGate & FortiMail | TCP/514 | |
Third-party proxy server for ICAP servers |
ICAP: TCP/1344 ICAPS: TCP/11344 |
Outgoing ports | ||
---|---|---|
Purpose | Protocol/Port | |
FortiGuard (FortiSandbox will use a random port picked by the kernel) |
FortiGuard Distribution Servers | TCP/8890 |
FortiGuard Web Filtering Servers | UDP/53, UDP/8888 | |
FortiSandbox Community Cloud (FortiSandbox will use a random port picked by the kernel) |
Upload detected malware information | TCP/443, UDP/53 |
Note that FortiSandbox uses the following FQDNs to access the FortiSandbox Community Cloud, depending on which protocol and port is used:
|
Services and port numbers required for FortiSandbox
The tables above show all the services required for FortiSandbox to function correctly. You can use the diagnostic FortiSandbox command test-network
to verify that all the services are allowed by the upstream. If the result is Passed
, then there is no issue. If there is an issue with a specific service, it will be shown in the command output, and inform you which port needs to be opened.
This command checks:
- VM Internet access
- Internet connection
- System DNS resolve speed
- VM DNS resolve speed
- Ping speed
- Wget speed
- Web Filtering service
- FortiSandbox Community Cloud service