Hello,
We have a customer who will be sending us a VPN router to facilitate a connection to their intranet and they have stated that I'll need to allow IPSec traffic on port 4500. I tried to create a policy for this but quickly remembered I have no idea what I'm doing with these routers.
Here is what I have so far...
There was no service for IPSec, so I tried to create one, which I doubt is the correct way to go.
I then created a policy:
I've tested numerous attempts/iterations of the policy with an online port checker and it's closed.
Are these forums my only source of support, or do I have access to vendor support with an active subscription?
Any help is appreciated. I realize I'm probably leaving out necessary details, my apologies.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @MeoDub
If there is nothing listening behind then the port checker will show you the port is closed.
Once you install the router you should see the port open.
Ah, well I guess that makes sense. I'll wait for the hardware to arrive and go from there.
Thank you for the response.
Hi @MeoDub ,
If you looking for UDP/4500 for IPSec it would be IKE service. The IKE service includes UDP/500 UDP/4500.
How exactly the connection would be? Is the traffic initiated from internal to external?
regards,
Hello @MeoDub ,
Thank you for contacting the Fortinet Forum portal.
Please check the article below, there are already defined services for the IPsec ports, Make sure if there are any other custom ports they are requesting and add them additionally if required.
Best regards,
Manasa.
If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.
Hi @MeoDub.,
You want to allow port 4500 to another router behind the FortiGate? If yes, you'll need to configure port forwarding using VIP. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configurati...
However, it might cause issues as FortiGate itself also uses port 4500 for NAT-T.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.