Appendix A: Port numbers

Appendix A: Port numbers

Communications between the FortiWeb appliance, clients, protected web servers, and FortiGuard Distribution Network (FDN) require that any routers and firewalls between them permit specific protocols and port numbers.

The following tables list the default port assignments used by FortiWeb.

Default ports used by FortiWeb for outgoing traffic
  Protocol Purpose
N/A ARP HA failover of network interfaces. See HA heartbeat & synchronization.
N/A ICMP

Server health checks. See Configuring server up/down checks.

execute ping and execute traceroute. See the FortiWeb CLI Reference.

21 TCP

Anti-defacement backup and restoration (FTP). See Anti-defacement.

FTP configuration backup. See To back up the configuration via the web UI to an FTP/SFTP server.

22 TCP

Anti-defacement backup and restoration (SSH/SCP). See Anti-defacement.

SFTP configuration backup. See To back up the configuration via the web UI to an FTP/SFTP server.

25 TCP SMTP for alert email. See Configuring email settings.
53 UDP DNS queries. See Configuring DNS settings.
69 UDP TFTP for backups, restoration, and firmware updates. See commands such as execute backup or execute restore in the FortiWeb CLI Reference.
80 TCP Server health checks. See Configuring server up/down checks.
123 UDP NTP synchronization. See Setting the system time & date.
137, 138, 139 UDP Anti-defacement backup and restoration (Windows-style share). See Anti-defacement.
162 UDP SNMP traps. See SNMP traps & queries.
389 TCP LDAP authentication queries. See Configuring LDAP queries.
443 TCP

FortiGuard service polling and update downloads. See Connecting to FortiGuard services.

Server health checks. See Configuring server up/down checks.

445 TCP

NTLM authentication queries. See Configuring NTLM queries.

Anti-defacement backup and restoration (Windows-style share). See Anti-defacement.

514 UDP Syslog. See Configuring logging.
636 TCP LDAPS authentication queries.See Configuring LDAP queries.
1812 UDP RADIUS authentication queries. See Configuring RADIUS queries.
6010 TCP HA configuration synchronization. See HA heartbeat & synchronization.
6055 Proprietary protocol HA heartbeat. Layer 2 multicast. See HA heartbeat & synchronization.
955 TCP Configuration replication. See Replicating the configuration without FortiWeb HA (external HA).
Default ports used by FortiWeb for incoming traffic (listening)
  Protocol Purpose
N/A ICMP ping and traceroute responses. See Configuring the network interfaces.
22 TCP SSH administrative CLI access. See Configuring the network interfaces.
23 TCP Telnet administrative CLI access. See Configuring the network interfaces.
80 TCP

HTTP administrative web UI access. See Configuring the network interfaces and How to use the web UI.

Predefined HTTP service. Only occurs if the service is used by a policy. See Predefined services.

161 UDP SNMP queries. See Configuring an SNMP community and Configuring the network interfaces.
443 TCP

HTTPS administrative web UI access. Only occurs if the destination address is a network interface’s IP address. See Configuring the network interfaces and How to use the web UI.

Predefined HTTPS service. Only occurs if the service is used by a policy, and if the destination address is a virtual server or bridged connection. See Predefined services.

8333 TCP Configuration replication. See Replicating the configuration without FortiWeb HA (external HA).
6055 UDP HA heartbeat. Layer 2 multicast. See HA heartbeat & synchronization.
6056 UDP HA configuration synchronization. Layer 2 multicast. See HA heartbeat & synchronization.