Gui access blocked after upgrade 7.4.9

Forum|Forum|7 months ago
October 16, 2025
3 replies
3022 views

Hi

Fortigate 60F, blocked after upgrade to release 7.4.9.

i can't access via https. Can someone help me to troubleshoot it?

Message:

Secure Connection Failed

An error occurred during a connection to 172.16.1.1:11443. PR_CONNECT_RESET_ERROR

Error code: PR_CONNECT_RESET_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

FortiGate

marconet-22Author

Explorer II

Update:

if i change admin-sport it works!

But port 11443, is default password used any service?

BillH_FTNT

Staff

Hi @marconet-22

You can check the TCP port using 11443

dia sys tcpsock | grep ike

YOu can check some documents:

GUI warnings for IKE-TCP port conflicts 7.6.3 | FortiGate / FortiOS 7.6.0 | Fortinet Document Library

Incoming ports | FortiGate / FortiOS 7.6.0 | Fortinet Document Library

Bill

marconet-22Author

Explorer II

Hi Bill

this is the output of diag sys tctpsock | grep 11443

ike-TCP-port:

config system settings
set h323-direct-model enable
set gui-local-in-policy enable
set gui-dynamic-routing enable
set gui-sslvpn enable
set ike-tcp-port 31443
end

hpenmetsa

Staff

Hi,
Could you please confirm from which previous firmware version you upgraded to 7.4.9? Please verify if port conflict between TCP 443 and the IKE TCP port. Starting from FortiOS version 7.4.2, a proprietary solution was introduced to enable the encapsulation of Encapsulating Security Payload (ESP) packets within TCP headers, and this allows ESP packets to use a specific TCP port.
Please refer to the document below for more information.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-TCP-as-transport-for-IKE-IPsec-traffic/ta-p/300834#:~:text=Verification%20of%20the%20IKE%20listening%20port%20from%20tcpsock.