Skip to main content
JNDias
Staff & Editor
JNDias
Staff & Editor
September 5, 2022

Technical Tip: Use the same interface with 2 IPs for Web admin and SSL-VPN, using both port 443

  • September 5, 2022
  • 0 replies
  • 1043 views
Description This articles describes how to use one interface for Web admin with a secondary IP for VPN, using both the same port 443.
Scope

FortiGate and FortiClient.

Version 7.2.1.
Solution

1) In the interface or Secondary IP where the SSL-VPN is wanted to work, make sure to have the 'HTTPS' disabled in Administrative Access settings.

2) In FortiGate CLI, make the following change:

 

# config vpn ssl setting
    set port-precedence disable
end

 

Enable/disable, Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface.

 

Related documents:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-To-switch-between-admin-login-page-or-SSL-VPN/ta-p/202105

 

https://docs.fortinet.com/document/fortigate/7.2.1/cli-reference/363620/config-vpn-ssl-settings#:~:text=10443-,port%2Dprecedence,-Enable/disable%2C%20Enable

 

https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/574723/interface-settings

 

Terms & ConditionsAccessibility statement