Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
_mribwan
Staff
Staff

Created on ‎09-04-2023 01:53 AM

Article Id 271688

Technical Tip: Collector agent sending traffic to port 139 / 445 / 389

Description This article describes that the collectoragent.exe (FSSO) sends traffic to port 139 / 445 / 389 to the user IP (internal or external IP address).
Scope FSSO, FortiGate, collecteragent.exe.
Solution

Refer to the following truncated pcap where:

 

FSSO IP is 10.59.x.x (Source).

The client IP is 10.48.x.x (Destination).

 

pcap1.png

 

It can be seen that the collector agent is trying to send traffic to the client via port 139 / 445 / 389.

 

This is an expected behavior for workstation checks, and it is done whether the client has an internal or external IP address. It will check port 139 445 or 389 to see if the workstation is online.

 

Related article:

Technical Tip: Explanation of FSSO timers.

 

2325
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.