- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- SSL VPN on port 80
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSL VPN on port 80
Can' t I change the default 10443 port to 80?
For whatever reason, when I change the setting, I get no response when I try to connect. There must be a way to SSL VPN to the box without having to specify the port in the URL?
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is happening on two different boxes:
4.2.10
and
4.3.5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Changed it to 443. Appears to be working. Although some of the older documentation says that is a bad idea, I don' t find that same thing in the new documentation. Anyone know of any draw backs to using this? Other than the security by obscurity part?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A question. You have over 65000 ports. Why use a well known one? What if you want to add a secure web server down the road...
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Most of the end users aren' t familiar with using ports. This reduces support calls.
I understand the logic behind using another port, makes total sense to me. And its just another layer of the defense in-depth. But we have to pick our battles, and this just isn' t one worth fighting.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Of course there is an obvious drawback.
If you use one of the standard ports 80 or 443 you lose the ability to remote-manage the Fortigate itself UNLESS you move the admin ports first.
Second, as common web servers use these ports common web server attacks almost exclusively attack only ports 80 and 443. You' ll see that in the logs.
I can' t see the advantage for your users either. You' ve got to give them the exact URL anyway, in your current setup the ' https://...' or they won' t find it. As users bookmark everything they won' t bother memorizing the URL anyway. Just my 2 cents...
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
one advantage of common ports is that almost all hotels and airports or whatever, allow port 80 and 443, and if you got " road warriors" you would want them to connect from all places.
one more thing,
you dont need to change the port 10443, leave it alone, and do a VIP instead, WAN1 on port 443 -> WAN1 on port 10443 (and of course choose another IP than the interface IP)
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ORIGINAL: Selective one more thing, you dont need to change the port 10443, leave it alone, and do a VIP instead, WAN1 on port 443 -> WAN1 on port 10443 (and of course choose another IP than the interface IP)Could you expand on that a bit? We are dealing with a US federal government agency and they need to VPN into us to retrieve data and are complaining about the 10443 requirement. The Fortinet documentation states:
Do not select port number 443 for user access to the web portal login page. Port number 443 is reserved to support administrative connections to the FortiGate unit through the web-based manager.So I' m hesitant to move it to 443.
-TJ
-TJ
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you disable HTTPS access to the GUI from the outside, then I see no problem. Some folks here only administer the FGT from a VPN tunnel, so that would work.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ORIGINAL: Selective one more thing, you dont need to change the port 10443, leave it alone, and do a VIP instead, WAN1 on port 443 -> WAN1 on port 10443 (and of course choose another IP than the interface IP)What do you mean with choosing another IP than the Interface IP? Can' t I make a VIP from 443 to 10443 and use the wan IP?
1 FGT320B, 1 FGT200B, 1 FGT110C, 1 FGT60C, 3 FGT50B, 3FAP220A.
4.0MR3P7 and 4.0MR2P11
1 FGT320B, 1 FGT200B, 1 FGT110C, 1 FGT60C, 3 FGT50B, 3FAP220A. 4.0MR3P7
and 4.0MR2P11
Related Posts
- Help Needed: DDNS Not Working and... 161 Views
- NAC - wired switchport default VLANs... 72 Views
- FortiAP 231F not connecting to FG 136 Views
- FortiAP offline/disconnected 55 Views
- Fortigate GUI not opening 361 Views
Labels
-
FortiGate
6,909 -
FortiClient
1,364 -
5.2
801 -
5.4
639 -
FortiManager
597 -
FortiAnalyzer
435 -
6.0
416 -
5.6
362 -
FortiAP
361 -
FortiSwitch
357 -
FortiClient EMS
278 -
FortiMail
269 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
168 -
6.4
128 -
FortiNAC
120 -
FortiGuard
110 -
IPsec
96 -
FortiGateCloud
91 -
FortiSIEM
91 -
FortiCloud Products
85 -
SSL-VPN
82 -
FortiToken
75 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
63 -
FortiProxy
48 -
FortiADC
45 -
FortiEDR
42 -
SD-WAN
41 -
Fortivoice
41 -
FortiDNS
36 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiSwitch v6.4
32 -
Firewall policy
31 -
VLAN
27 -
High Availability
27 -
FortiAuthenticator
26 -
FortiConnect
24 -
FortiWAN
23 -
FortiConverter
21 -
ZTNA
20 -
DNS
18 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
SAML
17 -
FortiGate v5.2
17 -
LDAP
17 -
Certificate
17 -
BGP
16 -
VDOM
16 -
FortiMonitor
14 -
Interface
14 -
Logging
14 -
Authentication
13 -
FortiGate v5.0
13 -
FortiLink
13 -
Routing
13 -
FortiCASB
13 -
FortiDDoS
13 -
NAT
11 -
RADIUS
10 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Fortigate Cloud
9 -
4.0MR2
9 -
SSID
8 -
Application control
8 -
FortiGate v4.0 MR3
8 -
IP address management - IPAM
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
FortiBridge
7 -
WAN optimization
7 -
SNMP
7 -
Web profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Traffic shaping policy
6 -
Web application firewall profile
6 -
Proxy policy
5 -
Packet capture
5 -
FortiAP profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Antivirus profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 983 | |
| 819 | |
| 446 | |
| 440 | |
| 130 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.