FG自发的服务端口.doc

Fortigate自身发起的一些服务端口 以下是Fortigate自身发起的一些服务端口，当Fortigate放在其他设备后面时，要注意在上层设备为Fortigate开放这些端口。Traffic Types and TCP/UDP Ports used by Fortinet ProductsDescriptionThis article lists: The types of traffic that originate from FortiGate units and TCP and UDP ports used by each traffic type. FortiGuard Distribution Network (FDN) services and the TCP and UDP ports that FortiGate, FortiClient, and FortiManager use to connect to the FDN. The TCP and UDP ports on which FortiGate units can be listening for traffic (Listening ports) and accept connections.Components All FortiGate units FortiOS v3.0, v2.80, and v2.50 FortiClient FortiManager v3.0 FortiGuard Distribution Network (FDN)Ports for Originating TrafficNetwork traffic originating from FortiGate units (not passing through FortiGate units) is used for sending log messages to remote log servers, sending SNMP traps, resolving network names using DNS, and so on. ServicePortsSyslog. All FortiOS versions use syslog to send log messages to remote syslog servers. FortiOS v2.80 and v3.0 also use syslog to send log messages to FortiAnalyzer.UDP 514Alert email and quarantine auto submit (using encrypted SMTP email)TCP 25SNMP trapsUDP 162DNS lookupUDP 53NTP synchronizationUDP 123FDN Services and PortsFortiGate units communicate with the FortiGuard Distribution Network (FDN) using the following ports. The ports that FortiClient and FortiManager use to communicate with the FDN are also listed below.ServicePortsFortiOS v3.0 FortiGuard Antivirus updatesTCP 443FortiOS v2.80 FortiGuard Antivirus updatesTCP 443FortiOS v2.50 FortiGuard Antivirus updatesTCP 8890FortiClient FortiGuard Antivirus updatesTCP 80FortiOS v3.0 FortiGuard Web Filtering and AntispamUDP 53 (default) or UDP 8888FortiOS v3.0 FortiGuard Web FilteringUDP 1027 or UDP 1031FortiOS v2.80 FortiGuard Web FilteringUDP 8888FortiOS v2.80 FortiGuard Antispam (FortiShield)UDP 8889FortiManager v3.0 FortiGuard Web Filtering and AntispamTCP 443 and TCP 8890Listening PortsWhen operating with the Factory default configuration, FortiGate units do not accept TCP or UDP connections on any port. The one exception is the default internal interface, which accepts HTTPS connections on TCP port 443. The following table lists the TCP and UDP ports that FortiGate units listen on when you enable various configuration options.ServicePortsTelnet Administrative Access to the CLITCP 23SSH Administrative Access to the CLITCP 22HTTP Administrative Access to the Web-based managerTCP 80HTTPS Administrative Access to the Web-based managerTCP 443Default port to use for override authenticationTCP 443Authentication keepalive and logout. Beginning with FortiOS v3.0 MR2, by default the authentication keepalive and logout ports are closed. When you enable authentication keepalive using the auth-keepalive keyword of the config global CLI command, the FortiGate unit listens on the authentication keepalive and logout ports.TCP 1000 and 1003FortiGuard Distribution Network (FDN) Antivirus and IPS push updatesUDP 9443SS