Coolio13
New Contributor

VPN IPsec port change

Hi, I have a FG 50b with OS v4 MR3 P4. I have created an IPsec VPN, which works great. But in the same network there are firewalls which prevent opening a VPN. Is it possible to change the default IPsec VPN port to port 443?
SECCON1MC
New Contributor

Hello Coolio13, IPsec VPNs typically use UDP port 500 or 4500 and then the protocols ESP and AH. I'm guessing the other firewalls may be blocking the ESP and AH protocols. The ports and/or protocols cannot be changed due to RFC compliance. Are you sure you do not mean SSL VPNs?
Coolio13

Hello Seccon1MC, thanks for your answer. Yes, I was talking about IPsec. Do I have other ways to configure a VPN setup which goes through other firewalls? But in the meantime, the VPN configuration which had worked doesn't work any more. I did the setup with the documentation "Using IPsec VPN to secure iPhone communication with a network protected by a FortiGate unit", but it doesn't work. Do you have any tips?
emnoc
Esteemed Contributor III

General rules: for IPsec ESP, allow protocol 50 (not a port #, btw). For IKE key change it's either UDP 500 or 4500, and sport 500 to dport 500. Btw, port 4500 is used for NAT-T peers, and NAT-T enabled peers will be identified in the initial IKEv1 packet.

So back to your question: why do you need to change ports, and what are you doing? Draw a picture or diagram for us to better assist you.

FWIW: you can change the ports on some firewalls for NAT-T (i.e. Cisco ASA), but I have never seen any need for this. If you're routing IPsec VPN through another appliance, you will need them to be aware of this and have the right rules or protocol fixup. I hope that helps.

PCNSE 

NSE 

StrongSwan  
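
A triage sketch for the situation discussed in this thread, added as an example and not written by any of the posters: it reads drop records from an intermediate firewall and reports which IPsec component is being blocked. The `key=value` log format, the field names (`action`, `proto`, `dport`) and the sample lines are constructed assumptions; adapt the parsing to your firewall's real log format.

```python
import re
from collections import Counter

# Traffic classes named in the thread: IKE on UDP 500, NAT-T on UDP 4500,
# ESP as IP protocol 50 and AH as IP protocol 51 (protocols, not ports).
IP_PROTO = {"50": "ESP", "ESP": "ESP", "51": "AH", "AH": "AH"}
UDP_PORT = {500: "IKE", 4500: "NAT-T"}
FIELD = re.compile(r"(\w+)=(\S+)")  # assumed key=value log format


def classify(line):
    """Return the IPsec component a logged packet belongs to, or None."""
    fields = dict(FIELD.findall(line))
    proto = fields.get("proto", "").upper()
    if proto in IP_PROTO:
        return IP_PROTO[proto]
    if proto in ("UDP", "17"):
        try:
            return UDP_PORT.get(int(fields.get("dport", "")))
        except ValueError:  # missing or non-numeric port field
            return None
    return None


def diagnose(lines):
    """Count dropped IPsec packets per component and name the likely failure."""
    dropped = Counter()
    for line in lines:
        if dict(FIELD.findall(line)).get("action") == "drop":
            component = classify(line)
            if component:
                dropped[component] += 1
    if "IKE" in dropped:
        hint = "UDP 500 is dropped: IKE negotiation cannot start"
    elif "NAT-T" in dropped:
        hint = "UDP 4500 is dropped: NAT-T encapsulated traffic cannot pass"
    elif dropped:
        hint = "IKE passes but ESP/AH is dropped: tunnel negotiates, no data flows"
    else:
        hint = "no IPsec traffic dropped in this log"
    return dropped, hint


# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    "action=accept proto=udp src=192.0.2.10 dst=198.51.100.5 sport=500 dport=500",
    "action=drop proto=50 src=192.0.2.10 dst=198.51.100.5",
    "action=drop proto=50 src=192.0.2.10 dst=198.51.100.5",
    "action=drop proto=tcp src=192.0.2.10 dst=198.51.100.5 sport=40000 dport=23",
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```
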