Communications between the FortiWeb appliance, clients, protected web servers, and FortiGuard Distribution Network (FDN) require that any routers and firewalls between them permit specific protocols and port numbers.
The following tables list the default port assignments used by FortiWeb.
| Protocol | Purpose | |
|---|---|---|
| N/A | ARP | HA failover of network interfaces. See HA heartbeat & synchronization. |
| N/A | ICMP |
Server health checks. See Configuring server up/down checks.
|
| 21 | TCP |
Anti-defacement backup and restoration (FTP). See Anti-defacement. FTP configuration backup. See To back up the configuration via the web UI to an FTP/SFTP server. |
| 22 | TCP |
Anti-defacement backup and restoration (SSH/SCP). See Anti-defacement. SFTP configuration backup. See To back up the configuration via the web UI to an FTP/SFTP server. |
| 25 | TCP | SMTP for alert email. See Configuring email settings. |
| 53 | UDP | DNS queries. See Configuring DNS settings. |
| 69 | UDP | TFTP for backups, restoration, and firmware updates. See commands such as execute backup or execute restore in the FortiWeb CLI Reference. |
| 80 | TCP | Server health checks. See Configuring server up/down checks. |
| 123 | UDP | NTP synchronization. See Setting the system time & date. |
| 137, 138, 139 | UDP | Anti-defacement backup and restoration (Windows-style share). See Anti-defacement. |
| 162 | UDP | SNMP traps. See SNMP traps & queries. |
| 389 | TCP | LDAP authentication queries. See Configuring LDAP queries. |
| 443 | TCP |
FortiGuard service polling and update downloads. See Connecting to FortiGuard services. Server health checks. See Configuring server up/down checks. |
| 445 | TCP |
NTLM authentication queries. See Configuring NTLM queries. Anti-defacement backup and restoration (Windows-style share). See Anti-defacement. |
| 514 | UDP | Syslog. See Configuring logging. |
| 636 | TCP | LDAPS authentication queries.See Configuring LDAP queries. |
| 1812 | UDP | RADIUS authentication queries. See Configuring RADIUS queries. |
| 6055 | Proprietary protocol | HA heartbeat. Layer 2 multicast. See HA heartbeat & synchronization. |
| 6066 | Proprietary protocol | HA configuration synchronization. Layer 2 unicast. See HA heartbeat & synchronization. |
| 8333 | TCP | Configuration replication. See Replicating the configuration without FortiWeb HA (external HA). |
| Protocol | Purpose | |
|---|---|---|
| N/A | ICMP | ping and traceroute responses. See Configuring the network interfaces. |
| 22 | TCP | SSH administrative CLI access. See Configuring the network interfaces. |
| 23 | TCP | Telnet administrative CLI access. See Configuring the network interfaces. |
| 80 | TCP |
HTTP administrative web UI access. See Configuring the network interfaces and How to use the web UI. Predefined HTTP service. Only occurs if the service is used by a policy. See Predefined services. |
| 161 | UDP | SNMP queries. See Configuring an SNMP community and Configuring the network interfaces. |
| 443 | TCP |
HTTPS administrative web UI access. Only occurs if the destination address is a network interface’s IP address. See Configuring the network interfaces and How to use the web UI. Predefined HTTPS service. Only occurs if the service is used by a policy, and if the destination address is a virtual server or bridged connection. See Predefined services. |
| 8333 | TCP | Configuration replication. See Replicating the configuration without FortiWeb HA (external HA). |
| 6055 | UDP | HA heartbeat. Layer 2 multicast. See HA heartbeat & synchronization. |
| 6056 | UDP | HA configuration synchronization. Layer 2 multicast. See HA heartbeat & synchronization. |