marconet-22
New Contributor III

GUI access blocked after upgrade 7.4.9

Hi

FortiGate 60F, blocked after upgrade to release 7.4.9.

I can't access it via HTTPS. Can someone help me troubleshoot it?

Message: 

Secure Connection Failed

An error occurred during a connection to 172.16.1.1:11443. PR_CONNECT_RESET_ERROR

Error code: PR_CONNECT_RESET_ERROR

  • The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  • Please contact the website owners to inform them of this problem.
marconet-22
New Contributor III

Update:

If I change admin-sport it works!

But port 11443, is default password used any service?

BillH_FTNT
marconet-22

Hi Bill

This is the output of diag sys tcpsock | grep 11443

 

image.png

ike-TCP-port:

config system settings
set h323-direct-model enable
set gui-local-in-policy enable
set gui-dynamic-routing enable
set gui-sslvpn enable
set ike-tcp-port 31443
end

 

 

BillH_FTNT

Hi @marconet-22 

When you set ike-tcp-port 31443, it should not conflict with ike port 11443.

So the GUI should be okay.

Thanks

Bill

marconet-22

FortiGate support assisted me and wrote to me that port 11443 is a port that the IKE daemon is listening on instead of the ike-tcp port. I don't have a FortiGate on release 7.6. Can someone test whether port 11443 is used by it?

hpenmetsa
Staff

Hi,
Could you please confirm from which previous firmware version you upgraded to 7.4.9? Please verify whether there is a port conflict between TCP 443 and the IKE TCP port. Starting from FortiOS version 7.4.2, a proprietary solution was introduced to enable the encapsulation of Encapsulating Security Payload (ESP) packets within TCP headers, and this allows ESP packets to use a specific TCP port.
Please refer to the document below for more information.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-TCP-as-transport-for-IKE-IPsec-....

marconet-22

Hi

Upgraded from 7.4.8 to 7.4.9, and the IKE TCP port doesn't conflict with the GUI HTTPS port.

image.png

rosatechnocrat
Contributor III

It means some new port has been introduced in version 7.4.9 which is conflicting.

 

You can verify the services listening by using command "diag sys tcpsock"

Rosa Technocrat --

Also on YouTube---

Please do Subscribe
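
Added example, not part of any post in this thread and not Fortinet code: a pre-upgrade check that reads a FortiGate config backup and flags an HTTPS admin port that collides with `ike-tcp-port` or with a port reported as taken by the IKE daemon. The sample config is constructed from the values quoted above, and the `REPORTED_IKE_PORTS` set and function names are assumptions; 11443 is listed only because the poster relays that statement from support.

```python
# Constructed sample: admin-sport taken from the browser error in the thread,
# ike-tcp-port from the quoted "config system settings" block.
SAMPLE_CONFIG = """\
config system global
    set admin-sport 11443
end
config system settings
    set gui-sslvpn enable
    set ike-tcp-port 31443
end
"""

# Assumption: 11443 is listed only because the poster relays support's
# statement that the IKE daemon listens on it after the 7.4.9 upgrade.
REPORTED_IKE_PORTS = {11443}


def parse_settings(config_text):
    """Map (innermost config section, key) -> value for each 'set' line."""
    settings, stack = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("set ") and stack:
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[(stack[-1], parts[1])] = parts[2]
    return settings


def audit_admin_port(config_text, reported=REPORTED_IKE_PORTS):
    """Return reasons the HTTPS admin port may collide with an IKE listener."""
    s = parse_settings(config_text)
    admin = s.get(("system global", "admin-sport"))
    ike_tcp = s.get(("system settings", "ike-tcp-port"))
    if admin is None or not admin.isdigit():
        return ["admin-sport not set explicitly; check the running value"]
    findings = []
    if admin == ike_tcp:
        findings.append(f"admin-sport {admin} equals ike-tcp-port")
    if int(admin) in reported:
        findings.append(f"admin-sport {admin} is reported as held by the IKE daemon")
    return findings


if __name__ == "__main__":
    for finding in audit_admin_port(SAMPLE_CONFIG):
        print(finding)
```

An empty result only means the configured values do not collide; the listeners actually open on the device still have to be confirmed with diag sys tcpsock.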