September 27, 2016

Technical Tip: Ports that FortiSIEM utilizes


Description

 

This article describes which ports FortiSIEM utilizes.

 

Scope

 

FortiSIEM, all versions.

 

Solution

 

The following ports are used by FortiSIEM to discover devices, pull metrics, and process event logs:

 

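| Ports            | Services                                | Super | Worker | Collector |
|------------------|-----------------------------------------|-------|--------|-----------|
| UDP/514          | UDP syslog                              | x     | x      | x         |
| TCP/1470         | TCP syslog                              | x     | x      | x         |
| UDP/2055         | netflow                                 | x     | x      | x         |
| TCP/22           | ssh                                     | x     | x      | x         |
| TCP/5480         | HTTP Registration                       |       |        | x         |
| ICMP             |                                         | x     | x      | x         |
| TCP/21           | FTP (Receiving Bluecoat logs via ftp)   | x     | x      | x         |
| TCP/5432         | postgresql                              | x     |        |           |
| UDP/111, TCP/111 | NFS portmapper                          | x     | x      |           |
| TCP/7900         | phMonitor                               | x     | x      |           |
| TCP/7914         | phParser                                | x     | x      |           |
| TCP/7916         | phQueryWorker                           | x     | x      |           |
| TCP/7918         | phQueryMaster                           | x     | x      |           |
| TCP/7920         | phDataManager                           | x     | x      |           |
| TCP/7922         | phRuleMaster                            | x     | x      |           |
| TCP/7924         | phRuleWorker                            | x     | x      |           |
| TCP/7926         | phAgentManager                          | x     | x      |           |
| TCP/7928         | phDiscover                              | x     | x      |           |
| TCP/7930         | phCheckpoint                            | x     | x      |           |
| TCP/7932         | phReportWorker                          | x     | x      |           |
| TCP/7934         | phReportMaster                          | x     | x      |           |
| TCP/7936         | phEventPackager                         | x     | x      |           |
| TCP/7938         | phIpIdentityMaster                      | x     | x      |           |
| TCP/7940         | phIpIdentityWorker                      | x     | x      |           |
| TCP/110          | POP3                                    | x     |        |           |
| TCP/135          | WMI                                     | x     | x      | x         |
| TCP/143          | IMAP                                    | x     |        |           |
| UDP/161          | SNMP                                    | x     | x      | x         |
| UDP/162          | SNMP TRAP                               | x     | x      | x         |
| TCP/389          | LDAP                                    | x     | x      | x         |
| TCP/443          | HTTPS                                   | x     | x      | x         |
| TCP/993          | IMAP/SSL                                | x     |        |           |
| TCP/995          | POP/SSL                                 | x     |        |           |
| TCP/1433         | JDBC                                    | x     | x      | x         |
| UDP/8686         | JMX                                     | x     | x      | x         |
| TCP/18184        | Checkpoint LEA                          | x     | x      | x         |
| TCP/18190        | Checkpoint CPMI Port                    | x     | x      | x         |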