Appendix A: Port numbers
 
Communications between the FortiWeb appliance, clients, protected web servers, and FortiGuard Distribution Network (FDN) require that any routers and firewalls between them permit specific protocols and port numbers.
The following tables list the default port assignments used by FortiWeb.
Table 69: Default ports used by FortiWeb for outgoing traffic

| Port number | Protocol | Purpose |
|---|---|---|
| N/A | ARP | HA failover of network interfaces. See “HA heartbeat & synchronization”. |
| N/A | ICMP | Server health checks. See “Configuring server up/down checks”. execute ping and execute traceroute. See the FortiWeb CLI Reference. |
| 21 | TCP | Anti-defacement backup and restoration (FTP). See “Anti-defacement”. |
| 22 | TCP | Anti-defacement backup and restoration (SSH/SCP). See “Anti-defacement”. |
| 25 | TCP | SMTP for alert email. See “Configuring email settings”. |
| 53 | UDP | |
| 69 | UDP | TFTP for backups, restoration, and firmware updates. See commands such as execute backup or execute restore in the FortiWeb CLI Reference. |
| 80 | TCP | Server health checks. See “Configuring server up/down checks”. |
| 123 | UDP | NTP synchronization. See “Setting the system time & date”. |
| 137, 138, 139 | UDP | Anti-defacement backup and restoration (Windows-style share). See “Anti-defacement”. |
| 162 | UDP | |
| 389 | TCP | LDAP authentication queries. See “Configuring LDAP queries”. |
| 443 | TCP | FortiGuard service polling and update downloads. See “Connecting to FortiGuard services”. Server health checks. See “Configuring server up/down checks”. |
| 445 | TCP | NTLM authentication queries. See “Configuring NTLM queries”. Anti-defacement backup and restoration (Windows-style share). See “Anti-defacement”. |
| 514 | UDP | |
| 636 | TCP | LDAPS authentication queries. See “Configuring LDAP queries”. |
| 1812 | UDP | RADIUS authentication queries. See “Configuring RADIUS queries”. |
| 6055 | UDP | HA heartbeat. Layer 2 multicast. See “HA heartbeat & synchronization”. |
| 6066 | UDP | HA configuration synchronization. Layer 2 multicast. See “HA heartbeat & synchronization”. |
| 8333 | TCP | |

Table 70: Default ports used by FortiWeb for incoming traffic (listening)

| Port number | Protocol | Purpose |
|---|---|---|
| N/A | ICMP | ping and traceroute responses. See “Configuring the network interfaces”. |
| 22 | TCP | SSH administrative CLI access. See “Configuring the network interfaces”. |
| 23 | TCP | Telnet administrative CLI access. See “Configuring the network interfaces”. |
| 80 | TCP | HTTP administrative web UI access. See “Configuring the network interfaces” and “How to use the web UI”. Predefined HTTP service. Only occurs if the service is used by a policy. See “Predefined services”. |
| 161 | UDP | |
| 443 | TCP | HTTPS administrative web UI access. Only occurs if the destination address is a network interface’s IP address. See “Configuring the network interfaces” and “How to use the web UI”. Predefined HTTPS service. Only occurs if the service is used by a policy, and if the destination address is a virtual server or bridged connection. See “Predefined services”. |
| 8333 | TCP | |
| 6055 | UDP | HA heartbeat. Layer 2 multicast. See “HA heartbeat & synchronization”. |
| 6056 | UDP | HA configuration synchronization. Layer 2 multicast. See “HA heartbeat & synchronization”. |