droktor
Explorer
December 20, 2022
Solved

VPN IPSEC Wizard


Hi guys, just a simple question:

My FortiGate 90D, under VPN Creation Wizard, STEP 2, when asking for the IP address, wouldn't let me input a port, as we are using xxx.xxx.xxx.xxx:444

Is there a way to add a port to this IP address?

Thanks in advance

2 replies

Mohamed_Gaber
Explorer III
December 20, 2022

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/33578/configurable-ike-port

To set the IKE port:

    config system settings
        set ike-port 6000
    end

alif
Staff
December 20, 2022

This option is only available in FortiOS version 7.0.

Fortigate-90D can't be upgraded to FortiOS 6.2 or later versions.

droktor (Author)
Explorer
December 20, 2022

I am on version 6.0.15

ede_pfau
SuperUser
December 20, 2022

I think you mix up IPsec VPN and SSLVPN. The custom port looks like you want to use it with SSLVPN.

Yes, in FortiOS v7.0, there is a new option to use a custom port for the IKE and IPsec protocols when using NAT (default: ike/500, ipsec/4500). Both protocols will use the custom port. This might help if IPsec standard ports are blacklisted by the ISP, but if there is censorship, it will use whitelisting and thus port relocation won't help at all.

If you go this way, check that the VPN client can use the custom port.
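When checking a packet capture to confirm that both IKE and ESP really arrive on a relocated port, the UDP payloads can be told apart by the RFC 3948 framing used on the standard NAT-T port 4500. The following is an added example, not part of the thread and not Fortinet code; it assumes the custom port carries that same framing, and the sample packets are constructed.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4               # RFC 3948: four zero bytes precede IKE on a NAT-T port
IKE_HEADER = struct.Struct("!8s8sBBBBII")  # fixed 28-byte ISAKMP/IKE header
EXCHANGES = {
    (1, 2): "Main Mode", (1, 4): "Aggressive Mode",      # IKEv1
    (2, 34): "IKE_SA_INIT", (2, 35): "IKE_AUTH",          # IKEv2
    (2, 36): "CREATE_CHILD_SA", (2, 37): "INFORMATIONAL",
}

def classify_natt_payload(payload: bytes) -> dict:
    """Classify one UDP payload captured on a port shared by IKE and ESP-in-UDP."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed", "reason": "too short"}
    if payload[:4] != NON_ESP_MARKER:
        # A non-zero first word is an ESP SPI, followed by the sequence number.
        spi, seq = struct.unpack("!II", payload[:8])
        return {"kind": "esp", "spi": spi, "seq": seq}
    ike = payload[4:]
    if len(ike) < IKE_HEADER.size:
        return {"kind": "malformed", "reason": "truncated IKE header"}
    init_spi, _resp_spi, _next, version, exch, _flags, msg_id, length = IKE_HEADER.unpack_from(ike)
    if length != len(ike):
        return {"kind": "malformed", "reason": "IKE length field mismatch"}
    major = version >> 4
    return {
        "kind": "ike",
        "version": f"{major}.{version & 0x0F}",
        "exchange": EXCHANGES.get((major, exch), f"unknown ({exch})"),
        "initiator_spi": init_spi.hex(),
        "message_id": msg_id,
    }

def sample_ike_sa_init() -> bytes:
    """Constructed sample: IKEv2 IKE_SA_INIT header plus 12 filler bytes."""
    body = b"\x00" * 12
    header = IKE_HEADER.pack(bytes.fromhex("1122334455667788"), b"\x00" * 8,
                             33, 0x20, 34, 0x08, 0, IKE_HEADER.size + len(body))
    return NON_ESP_MARKER + header + body

if __name__ == "__main__":
    constructed = [b"\xff", sample_ike_sa_init(),
                   struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16]
    for pkt in constructed:
        print(classify_natt_payload(pkt))
```

IKE sent on plain port 500 carries no marker, so this classifier applies only to a port that multiplexes IKE with UDP-encapsulated ESP.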

droktor (Author)
Explorer
December 20, 2022

Thank you. Well, not actually a mix-up, I just need to connect my 90D as a client of a Cisco VPN, but the company uses port 444, which it does not allow me to input in the configuration :(

90D SSLVPN server works like a charm from outside to my home.

ede_pfau (Answer)
SuperUser
December 20, 2022

Well, then you're out of luck. Shifting the IKE/IPsec port is IMHO quite uncommon, and a very new feature for FortiOS as well.

IF you had a newer FGT then I would point out to you that in recent FortiOS an SSLVPN client was included, so you could do site-to-site SSLVPN...but I won't.