FortiClient login interface is running on 11443/TCP, as expected. A scan also identified 80/TCP open and forwarding to 11443/TCP. Is it necessary for port 80 to be open for VPN functionality? And if not, can port 80 be turned off and still have VPN functionality on 11443/TCP?
Have you disabled the http allowance in the WAN interface?
Do you use Let's encrypt certs for VPN? If yes then this is expected as ACME service uses port 80 on the WAN interface.
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/822087/acme-certificate-support
User | Count |
---|---|
1926 | |
1144 | |
770 | |
447 | |
282 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.