Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
droktor
New Contributor II

VPN IPSEC Wizard

Hi guys, just a simple question :

 

My Fortigate 90D,  under VPN Creation Wizard, STEP 2 , when asking for IP Address, it wouldn't let me input a port as we are using xxx.xxx.xxx.xxx:444

 

Is there a way to add a port to this IP address

 

droktor_0-1671514641402.png

 

Thanks in advance

 

1 Solution
ede_pfau

Well, then you're out of luck. Shifting the IKE/IPsec port is IMHO quite uncommon, and a very new feature for FortiOS as well.

 

IF you had a newer FGT then I would point out to you that in recent FortiOS an SSLVPN client was included, so you could do site-to-site SSLVPN...but I won't.


Ede


"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

Ede"Kernel panic: Aiee, killing interrupt handler!"
6 REPLIES 6
Mohamed_Gaber
Contributor

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/33578/configurable-ike-port

 

To set the IKE port:
config system settings
set ike-port 6000
end

Mohamed Gaber
Cell : +201001615878
E-mail : mohamed.gaber@alkancit.com
Mohamed GaberCell : +201001615878E-mail : mohamed.gaber@alkancit.com
alif

This option is only available on FortiOS 7.0 version.

Fortigate-90D can't be upgraded to FortiOS 6.2 or later versions.

Regards,
SFA
droktor
New Contributor II

I am on version 6.0.15

ede_pfau
SuperUser
SuperUser

I think you mix up IPsec VPN and SSLVPN. The custom port looks like you want to use it with SSLVPN.

 

Yes, in FortiOS v7.0, there is a new option to use a custom port for the IKE and IPsec protocols when using NAT (default: ike/500, ipsec/4500). Both protocols will use the custom port. This might help if IPsec standard ports are blacklisted by the ISP, but if there is censorship, it will use whitelisting and thus port relocation won't help at all.

If you go this way, check that the VPN client can use the custom port.


Ede


"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
droktor
New Contributor II

Thank you, well not actually a mix up, just need to connect my 90D as a client of a cisco vpn but company uses port 444 which does not allow me to input on configuration :(

 

90D SSLVPN server works like a charm from an outside to my home.

 

 

ede_pfau

Well, then you're out of luck. Shifting the IKE/IPsec port is IMHO quite uncommon, and a very new feature for FortiOS as well.

 

IF you had a newer FGT then I would point out to you that in recent FortiOS an SSLVPN client was included, so you could do site-to-site SSLVPN...but I won't.


Ede


"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors