Incoming ports

Ports and
Product Purpose Configurable
protocols

FortiAnalyzer Syslog, Registration, Quarantine, Log & Report TCP/443

CAPWAP UDP/5246-5247
FortiAP
Hitless HA UDP/5248-5249

Policy Authentication through Captive Portal TCP/1000

FortiAuthenticator
RADIUS Disconnect TCP/3799

UDP/500,
Yes
Remote IPsec VPN UDP/4500

ESP (IP 50)

FortiClient Remote SSL VPN TCP/443 Yes

Remote SSL VPN when DTLS enabled UDP/443 Yes

SSO Mobility Agent, FSSO TCP/8001

Compliance and Security Fabric TCP/8013 Yes

Control channel UDP/5246 Yes

FortiExtender
Data channel UDP/25246 Yes

FortiOS 7.4 Ports 01-740-906583-20241107

Fortinet Inc. 1
Incoming ports

Ports and
Product Purpose Configurable
protocols

ETH Layer 0x8890,

HA Heartbeat
0x8891, 0x8893

TCP/703
HA Synchronization
UDP/703

TCP/22, TCP/80,
Yes
Administrator Access TCP/443

ICMP

FortiGate UDP/500,
Yes
IPsec VPN UDP/4500

ESP (IP 50)

IPsec VPN Forward Error Correction ESP (IP 50)

Unicast Heartbeat for Azure UDP/730

DNS for Azure UDP/53

TCP/8013 Yes
Security Fabric
UDP/8014

FortiGuard IPv4 FGFM tunnel TCP/541

IPv6 FGFM tunnel TCP/542

IPv4 FGFM tunnel TCP/541

FortiManager
IPv6 FGFM tunnel TCP/542

FortiPortal API for communication (FortiOS REST API) TCP/443

FortiToken Mobile Approve/deny response from FortiToken Mobile TCP/4433 Yes

FSSO server FSSO TCP/8001 Yes

FortiOS 7.4 Ports 2

Fortinet Inc.
Incoming ports

Ports and
Product Purpose Configurable
protocols

TCP/22, TCP/80,
Yes
Administrator Access (SSH, HTTPS, HTTP) TCP/443

ICMP

TCP/443,
TCP/8008,
Policy Override Authentication TCP/8010, Yes
Others
TCP/8015,
TCP/8020

TCP/1000,
Policy Override Keepalive
TCP/1003

SSL VPN TCP/443 Yes

ACME service TCP/80, TCP/443

AeroScout Vendor port UDP/1144

RADIUS DAS feature - RFC 5176 UDP/3799

Enabling some services will cause additional standard ports to open as the protocol
necessitates. For example, enabling BGP will open TCP port 179. See View open and in use
ports for more information.

FortiOS 7.4 Ports 3

Fortinet Inc.
Outgoing Ports

Product Purpose Ports and protocols Configurable

Syslog, OFTP, Registration, Quarantine, Log

FortiAnalyzer TCP/514
& Report

CAPWAP UDP/5246-5247
FortiAP
Hitless HA UDP/5248-5249

TCP/389
LDAP, PKI Authentication
UDP/389

RADIUS UDP/1812

FSSO TCP/8000
FortiAuthenticator
RADIUS Accounting UDP/1813

SCEP TCP/80, TCP/443

CRL Download TCP/80

External Captive Portal TCP/443

UDP/5246,
FortiExtender Data port Yes
UDP/25246

ETH Layer 0x8890,

HA Heartbeat
0x8891, 0x8893

TCP/703
HA Synchronization
UDP/703

FortiGate UDP/500, UDP/4500 Yes

IPsec VPN
ESP (IP 50)

IPsec VPN Forward Error Correction ESP (IP 50)

Unicast Heartbeat for Azure UDP/730

DNS for Azure UDP/53

Registration, Quarantine, Log & Report,

TCP/443
Syslog, Contract Validation
FortiGate Cloud
OFTP TCP/514

Management TCP/541

FortiOS 7.4 Ports 4

Fortinet Inc.
Outgoing Ports

Product Purpose Ports and protocols Configurable

AV/IPS update TCP/443, TCP/8890

Cloud Application Database TCP/9582

UDP/53, UDP/8888
FortiGuard Queries TCP/53, TCP/443,
TCP/8888

DNS UDP/53, UDP/8888

Registration TCP/443

Alert Email, Virus sample TCP/25

Management, Firmware, SMS, Licensing,

FortiGuard TCP/443
Policy Override

Central Management, Analysis TCP/541

IPv4 FGFM tunnel TCP/541

IPv6 FGFM tunnel TCP/542

Secure DNS filter TCP/53, TCP/853

IPAM Service TCP/443

IoT Service TCP/443

FortiDDNS TCP/443 Yes

FortiGuard persistent connection for updates

TCP/443
(2U and VM models only)

IPv4 FGFM management TCP/541

IPv6 FGFM management TCP/542

Log & Report TCP/514

UDP/53, UDP/8888
FortiManager AntiSpam, WebFilter queries
TCP/80, TCP/8888

FortiGuard and FortiClient Web Filter and

TCP/8900
Email Filter

Registration for license validation and UTM

TCP/443, TCP/8890
updates (AV, IPS)

FortiSandbox OFTP TCP/514

FortiSwitch FortiLink UDP/5246-5247 Yes

FortiOS 7.4 Ports 5

Fortinet Inc.
Outgoing Ports

Product Purpose Ports and protocols Configurable

Two factor authentication request to

FortiToken Cloud TCP/8686
FortiToken Cloud (ftc.fortinet.com)

Two factor request to push proxy

TCP/443
FortiToken Mobile (push.fortinet.com)

Using FAC, the request is sent to FAC UDP/1812

FSSO FSSO TCP/8001 Yes

email notification TCP/465 Yes

Others netflow collector UDP/2055 Yes

sflow collector UDP/6343 Yes

FortiOS 7.4 Ports 6

Fortinet Inc.
Anycast and unicast services

The following services are accessed by FortiGate:

Service Non-Anycast FQDN addresses Anycast Domain name

FortiGuard Object download update.fortiguard.net globalupdate.fortinet.net

Querying service (web-filtering, anti- securewf.fortiguard.net globalguardservice.fortinet.net

spam ratings) over HTTPS

Querying service (web-filtering, anti- service.fortiguard.net Service only in Unicast

spam ratings) over UDP

Device info Collection Service only in Anycast globaldevcollect.fortinet.net

Device info Query Service only in Anycast globaldevquery.fortinet.net

FortiGate Cloud logging logctrl1.fortinet.com globallogctrl.fortinet.net

FortiGate Cloud management mgrctrl1.fortinet.com globalmgrctrl.fortinet.net

FortiGate Cloud messaging msgctrl1.fortinet.com globalmsgctrl.fortinet.net

FortiGate Cloud sandbox aptctrl1.fortinet.com globalaptctrl.fortinet.net

GUI icon download productapi.fortinet.net globalproductapi.fortinet.net

FortiCare registration directregistration.fortinet.com globalregistration.fortinet.net

Secure DNS sdns.fortinet.net globalsdns.fortinet.net

FortiCloud FortiClient forticlient.fortinet.net globalfctupdate.fortinet.net

FortiMobile Tokens directregistration.fortinet.com globalftm.fortinet.net

EMS cloud forticlient-emsproxy.forticloud.com forticlient-emsproxy.forticloud.com

DDNS ddns.fortinet.net globalddns.fortinet.net

GeoIP gip.fortinet.net globalgip.fortinet.net

FortiOS 7.4 Ports 7

Fortinet Inc.
Change Log

Date Change Description

2024-06-05 Initial release.

2024-02-02 Updated Outgoing Ports on page 4.

2024-07-23 Updated Incoming ports on page 1 and Outgoing Ports on page 4.

2024-07-24 Updated Incoming ports on page 1.

2024-09-29 Updated Incoming ports on page 1.

2024-11-07 Updated Incoming ports on page 1.

FortiOS 7.4 Ports 8

Fortinet Inc.