Fortinet used portno's

-
FortiOS ports
In the TCP and UDP stacks, there are 65 535 ports available for applications to use when communicating with each other. Many of these ports are commonly known to be associated with specific applications or protocols. These known ports can be useful when troubleshooting your network.

Use the following ports while troubleshooting the FortiGate device:

Port(s) Functionality
UDP 53 DNS lookup, RBL lookup
UDP 53 or UDP 8888 FortiGuard Antispam or Web Filtering rating lookup
UDP 53 (default) or UDP 8888 and UDP 1027 or UDP 1031 FDN Server List - source and destination port numbers vary by originating or reply traffic. See the article “How do I troubleshoot performance issues when FortiGuard Web Filtering is enabled?” in the Knowledge Base.
UDP 123 NTP Synchronization
UDP 162 SNMP Traps
UDP 514 SYSLOG - All FortiOS versions can use syslog to send log messages to remote syslog servers. FortiOS v2.80 and v3.0 can also view logs stored remotely on a FortiAnalyzer unit.
TCP 22 Configuration backup to FortiManager unit or FortiGuard Analysis and Management Service.
TCP 25 SMTP alert email, encrypted virus sample auto-submit
TCP 389 or TCP 636 LDAP or PKI authentication
TCP 443 FortiGuard Antivirus or IPS update - When requesting updates from a FortiManager unit instead of directly from the FDN, this port must be reconfigured as TCP 8890.
TCP 443 FortiGuard Analysis and Management Service
TCP 514 FortiGuard Analysis and Management Service log transmission (OFTP)
TCP 541 SSL Management Tunnel to FortiGuard Analysis and Management Service (FortiOS v3.0 MR6 or later)
TCP 514 Quarantine, remote access to logs and reports on a FortiAnalyzer unit, device registration with FortiAnalyzer units (OFTP)
TCP 1812 RADIUS authentication
TCP 8000 and TCP 8002 FSSO
TCP 10151 FortiGuard Analysis and Management Service contract validation
FortiAnalyzer/FortiManager ports
If you have a FortiAnalyzer unit or FortiManager unit on your network you may need to use the following ports for troubleshooting network traffic.

Functionality Port(s)
DNS lookup UDP 53
NTP synchronization UDP 123
Windows share UDP 137-138
SNMP traps UDP 162
Syslog, log forwarding UDP 514
Log and report upload TCP 21 or TCP 22
SMTP alert email TCP 25
User name LDAP queries for reports TCP 389 or TCP 636
RVS update TCP 443
RADIUS authentication TCP 1812
Log aggregation client TCP 3000

Comments

Post a Comment

Popular posts from this blog

Configure Telnet/SSH Access to Device with VRF's

-
Image
Introduction This document describes the configuration of device access with Telnet or Secure Shell (SSH) across a Virtual Routing and Forwarding (VRF). Background Information In IP-based computer networks, VRF is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time. Because the routing instances are independent, the same or overlapping IP addresses can be used without any conflict with each other. Network functionality is improved because network paths can be segmented without the requirement of multiple routers. VRF might be implemented in a network device by distinct routing tables known as Forwarding Information Bases (FIBs), one per routing instance. Alternatively, a network device may have the ability to configure different virtual routers, where each one has its own FIB that is not accessible to any other virtual router instance on the same device. Telnet is an application layer protocol used on the Intern
Read more

BGP VPNv4 Troubleshooting Commands .

-
Image
Let's do it,,,, When working with MPLs Layer 3 VPN a lot of people get stuck with the verification, simply because they don’t know the bgp vpnv4 troubleshooting commands. This post will step through some of the verification you can use to verify the routes end to end through a simple MPLS Layer 3 vpn topology. The topology I will be using is below and is a very simple 3 router core with one vrf  and ospf being the CE to PE protocol on each side. I have created vrf ONE on Router 3 and on Router 5, OSPF 1 Area 0 is running between R3,R4,R5 and R3 is peering with MP-BGP to R5 All your troubleshooting commands will now need to include vpnv4 and the commands do get quite long. Here are my top bgp vpnv4 troubleshooting commands. BGP VPNv4 troubleshooting commands Before we start with the troubleshooting commands lets just verify everything is working, I will jump onto R1 and ping R6 loopback 1 2 3 4 5 6 7 R1 #ping 6.6.6.6 Type escape seq
Read more

Qos detailed notes on cisco

-
Image
QoS Notes QOS: The TX-ring (hardware queue) is always FIFO. Use  show controller | i tx_limit. Queuing & Shaping can only be applied in an  outbound  direction to an interface. Policing can be applied  inbound  or  outbound  direction to an interface. If ACL does not exists, it is  match-all  traffic. cache-flow, is taken BEFORE any packet markings   Local marking won’t show on the router, except one hop away. DSCP: IP   precedence   6 and 7 should not be used according to Cisco Systems. It's used for control plane packets, protocol update, etc by the routing protocols. DSCP Binary Dec. IP Precedence comments Default 000000 0 routine CS1 001000 8 priority AF11 001010 10 AF12 001100 12 AF13 001110 14 CS2 010000 16 immediate AF21 010010 18 AF22 010100 20 AF23 010110 22 CS3 011000 24 flash Voice/ Video Signaling A
Read more