Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jadeltoro
New Contributor III

Created on ‎10-10-2023 04:09 AM

Block telnet access to VPN

Hi.


I have disabled from being able to ping my public IP.

 

Please, I wanted to know if it would also be possible to not be able to telnet to the public IP and port that I have open for VPN. If not, does this represent a security risk?

 

Thank you.

Labels:
829
0 Kudos
1 REPLY 1
srajeswaran
Staff
Staff

Created on ‎10-10-2023 04:33 AM

I believe you are asking about doing telnet to port 443 (the SSL VPN port) and not the telnet to device (port 23). If you are asking about normal telnet , you can disable the same as suggested in following document - https://docs.fortinet.com/document/fortigate/6.2.0/new-features/46903/telnet-disabled-option

If your question is about telnet to port 443, we cannot disable it. The reason is for Telnet and SSL connection the first packet is a TCP SYN on port 443 and the firewall will respond with SYN-ACK as the service (VPN) is enabled. From the TCP handshake packets the firewall cannot determine if it is telnet or VPN negotiation. It is the case with telnet to any application service.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
815
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.