SSL-VPN use port 443
Hi All,
I hate having to add :10443 after the address; can I use port 443? I tried, but no luck.
Can some firewalls block port 10443 while HTTPS still works? I am worried that some network admins will only open 80 or 443.
Thanks,
fsyong
If you look at the configuration settings on your firewall, and look at the port assignments to protocols you will see that HTTPS is assigned port 443. This port is used to access the Fortigate to provide remote administration of the firewall.
You can change this setting, but this is not a best practice.
This is not something I have done before, nor would I advise on doing this.
Maybe you could test, in your test lab if you have one, assigning a port other than 443 for your remote administration; then you could maybe use 443 for your SSLVPN port.
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
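The approach suggested in the reply above (move remote administration off 443, then give 443 to the SSL-VPN) expressed as FortiGate CLI, as an added example that is not from this thread: the command names assume FortiOS 5.x or later syntax, not the v4.0 MR1 build the posters were running, and the firewall must not already publish another service (such as webmail) on port 443 of the same WAN address.

```fortios
# Move the HTTPS admin listener away from 443 first, so the two
# daemons never compete for the same port on the WAN interface.
config system global
    set admin-sport 10443
end

# Now the SSL-VPN portal can take the standard HTTPS port, so clients
# reach it at https://yourdnsname/remote without a port suffix.
config vpn ssl settings
    set port 443
end
```

Keep HTTPS administration disabled on the WAN interface regardless of which port it listens on; moving the port is not a substitute for that.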
I have two offices with a point-to-point MPLS for the intranet. I don't need any WAN remote management like HTTP, HTTPS or SSH, as I can always access the internal network through the other office.
I tried to switch the ports for HTTPS and SSL-VPN, but the Fortigate 60AM does not allow me to do that.
Second: I am using HTTPS webmail. If I switch port 443 to SSL VPN, will the Exchange webmail still work?
Thanks,
I have just tried to do this in my test lab and get an error.
I think this is being caused by the definition of HTTPS in Firewall->Service->Pre-defined. Going in through the CLI, it would appear that you cannot adjust this. It is probably best not to pursue this, to avoid issues with your webmail if it is routed through your Fortigate device; changing the HTTPS port could have serious consequences for accessing such a service.
Sadly, I think this is Fortigate's way of increasing security by not using the default SSL port for the SSLVPN.
Also, you state that "you have a point to point link between the offices". If this is the case, can I ask why you are concerned about what would be blocked? Do you, or your company, not administer the routers/firewalls that link your offices?
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
Most of our colleagues need to travel overseas. They complained about the PPTP VPN being blocked in hotels or customers' offices.
If I use the default 443, then the system admin cannot block it. Everybody needs it for the internet.
But when they initiate the request from their hotel, their request is an HTTPS one (https://yourdnsname:10443/remote), so it will start with 443, which is allowed out.
Port 10443 is what the Fortigate is listening on for your SSL connection, so I do not believe it will be blocked. Yes, it is a small annoyance having to enter this each time, but it is another layer of security for you and your company. It will take somebody longer to discover this than if your SSL portal automatically directed to port 443.
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
Thanks.
I thought https://xxxx:10443 means going out with port 10443. If the admin blocks 10443, then the user cannot use the SSL VPN.
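What a port-only egress filter actually sees for the two URL forms discussed above: the explicit port in a URL is the TCP destination port the browser connects to, and an https URL with no port defaults to 443. This is an added example, not code from the thread or from Fortinet; the allow-list of guest-network ports is constructed for illustration.

```python
from urllib.parse import urlsplit

# TCP port a browser uses when the URL carries no explicit port.
DEFAULT_PORTS = {"https": 443, "http": 80}

# Constructed allow-list: what a restrictive hotel or guest network
# commonly permits outbound. TLS on any other port is a different
# destination port to the filter, however "HTTPS" it looks to the user.
GUEST_NET_ALLOWED_PORTS = frozenset({80, 443})


def destination_port(url: str) -> int:
    """Return the TCP destination port a client connects to for `url`."""
    parts = urlsplit(url)
    if parts.port is not None:          # explicit ":10443" etc. wins
        return parts.port
    try:
        return DEFAULT_PORTS[parts.scheme.lower()]
    except KeyError:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}") from None


def egress_permitted(url: str, allowed_ports=GUEST_NET_ALLOWED_PORTS) -> bool:
    """True if a port-based egress filter lets the connection through."""
    return destination_port(url) in allowed_ports


def reachable_portals(urls, allowed_ports=GUEST_NET_ALLOWED_PORTS):
    """Map each candidate portal URL to (destination port, permitted?)."""
    return {u: (destination_port(u), egress_permitted(u, allowed_ports)) for u in urls}


if __name__ == "__main__":
    # The two forms from the thread: with the SSL-VPN port suffix and without.
    for url, (port, ok) in reachable_portals([
        "https://yourdnsname:10443/remote",
        "https://yourdnsname/remote",
    ]).items():
        print(f"{url:40} -> dst port {port:5}  {'allowed' if ok else 'blocked'}")
```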
Sorry, I did not mean that by typing https://address:10443/remote you would be taken there automatically by a redirect. I appreciate the port is important. I thought fsyong was stating he was concerned it would be blocked; I was just pointing out that I doubted it would be, being an HTTPS connection.
As for the other point, please accept my apologies: I tested logging in using HTTP, then adjusting the port number, but got an error.
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
Thanks all.
Darrencarr was right: I only want to use the SSL VPN on the WAN port. I have already disabled the admin GUI. And with the same result as darrencarr, I cannot set the SSL-VPN port to 443.
Also, I have an OWA outside (headquarters in Germany). My concern is: if I can use the SSL VPN with port 443, can I still access the outside OWA? It should be no problem, but I want some theoretical answers.
Thanks a lot.
fsyong,
I am not too familiar with OWA, but I will say that I believe it will still work.
If you are connecting from a host behind the firewall, to the HQ in Germany it should still work as long as you have the respective policy in place for the source->destination.
Your configuration would be on your firewall, not the one in Germany, so it should still work. All you are adjusting is the port that the SSLVPN daemon is listening on locally on your device.
I am pretty sure that this is correct, but I will stand corrected if anyone else thinks otherwise. As I say, I don't have experience in this environment.
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
