Support Forum
MeoDub
New Contributor

Allow IPSec traffic port 4500

Hello,

We have a customer who will be sending us a VPN router to facilitate a connection to their intranet and they have stated that I'll need to allow IPSec traffic on port 4500. I tried to create a policy for this but quickly remembered I have no idea what I'm doing with these routers.


Here is what I have so far...

There was no service for IPSec, so I tried to create one, which I doubt is the correct way to go.

[Screenshot: 2024-03-08 11_55_54-FortiGate - 60E_HQ - Brave.png (the custom service)]

I then created a policy:

[Screenshot: 2024-03-08 11_56_06-FortiGate - 60E_HQ - Brave.png (the firewall policy)]

I've tested numerous attempts/iterations of the policy with an online port checker and it's closed.

Are these forums my only source of support, or do I have access to vendor support with an active subscription?

Any help is appreciated. I realize I'm probably leaving out necessary details, my apologies.

AEK
SuperUser

Hi @MeoDub 

If there is nothing listening behind it, then the port checker will show you the port as closed.

Once you install the router you should see the port open.

AEK
MeoDub
New Contributor

Ah, well I guess that makes sense. I'll wait for the hardware to arrive and go from there.

Thank you for the response.

hhasny
Staff

Hi @MeoDub ,

If you are looking for UDP/4500 for IPsec, it would be the IKE service. The IKE service includes UDP/500 and UDP/4500.

How exactly would the connection work? Is the traffic initiated from internal to external?

Regards,

mpeddalla
Staff

Hello @MeoDub,

Thank you for contacting the Fortinet Forum portal.

Please check the article below; there are already defined services for the IPsec ports. Make sure to check whether there are any other custom ports they are requesting and add them additionally if required.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Allow-IPsec-VPN-ports-and-protocol-access-...

Best regards,

Manasa

If you feel the above steps helped to resolve the issue, mark the reply as solved so that other customers can find it easily while searching for similar scenarios.
hbac
Staff

Hi @MeoDub,

Do you want to allow port 4500 to another router behind the FortiGate? If yes, you'll need to configure port forwarding using a VIP. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configurati...

However, it might cause issues as the FortiGate itself also uses port 4500 for NAT-T.

Regards,
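As an added example (not part of any reply in this thread), this is what the VIP port-forward hbac describes looks like in the FortiOS CLI, with the inbound policy using the predefined IKE service hhasny mentions. Every name and address is a placeholder: wan1 as the WAN interface, 203.0.113.10 as its public IP, internal as the LAN interface and 192.168.1.50 as the customer's router; lines starting with # are comments for the reader.

```text
# Placeholder values: wan1 / 203.0.113.10 = FortiGate WAN side,
# 192.168.1.50 = the customer's VPN router on the "internal" interface.
# Two port-forward VIPs: IKE on UDP/500 and NAT-T (IKE + UDP-encapsulated ESP) on UDP/4500.
config firewall vip
    edit "VIP-customer-IKE-500"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.1.50"
        set portforward enable
        set protocol udp
        set extport 500
        set mappedport 500
    next
    edit "VIP-customer-NATT-4500"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.1.50"
        set portforward enable
        set protocol udp
        set extport 4500
        set mappedport 4500
    next
end

# Inbound policy from the WAN to the VIPs. The predefined "IKE" service already
# covers UDP/500 and UDP/4500, so no custom service object is needed.
config firewall policy
    edit 0
        set name "Inbound-IKE-to-customer-router"
        set srcintf "wan1"
        set dstintf "internal"
        # Narrow "all" to an address object for the customer's public IP once it is known.
        set srcaddr "all"
        set dstaddr "VIP-customer-IKE-500" "VIP-customer-NATT-4500"
        set action accept
        set schedule "always"
        set service "IKE"
        set logtraffic all
    next
end
```

Once these VIPs exist, UDP/500 and UDP/4500 on 203.0.113.10 belong to the customer's router, so the FortiGate can no longer terminate its own IPsec tunnels on that address (the NAT-T clash hbac points out); if it needs to, put the VIPs on a different public IP. Because NAT-T carries ESP inside UDP/4500, no separate ESP (IP protocol 50) rule is required for this forward.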
