Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
knowles13088
New Contributor

VPN port

Just looking for ideas on other's approaches:

Our VPN SSL portal is functioning well.

 

We encountered an issue the other day when one of our users was apparently trying to connect at one of their client's sites. We're using 10443, which we feel flies well under the radar of most port scanners.

 

To accommodate this situation, we are considering changing the port. We don't have an additional public IP available for using 443, which is being used for webmail interface.

 

So, what are y'all using? 

 

Thanks

4 REPLIES 4
hubertzw
Contributor III

It doesn't matter what you set. Tools like nmap scans all ports. You can improve a security a bit by using geography objects (with IP) to limit who is allowed to initiate the VPN connection.

knowles13088

Thanks. I understand what you are saying, but that was not my question. I don't really care what port I use. 

 

I just happened to choose 10443. On one of his client visits, the LAN admin was apparently blocking that port even on their guest network.

 

So, all I'm asking what port others may be using....

hubertzw

I'd change management port for non-default and leave tcp/443 for sslvpn

knowles13088

Thanks again. Per original post: 443 used for Outlook web access. Not looking for technical answer,  just opinion 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors