we currently use port 10443 for our ssl vpn portal. we are finding that a lot of our road warriors are having trouble at airports and hotels etc.. where that port is blocked.
We currently have an exchange 2010 server published on the fortigate for active sync, outlook web access and outlook anywhere.
Will changing the ssl vpn port from 10443 to 443 screw up my users from being able to access active sync etc on the exchange server?
Has anyone done this or tried?
thanks
Dave
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Only one device can be present and listening on any socket (socket = IP address + port). The only ways around this would be to change the IP address and NAT, or to change the port and flip on the Fortigate VIP rule.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Not a fix for your issue, but just a comment.
I change SSL VPN to port 443 on all my installations. Many hotspots only allow port 80 and 443, or those plus a select few other ports these days.
Not a fix for your issue, but just a comment from my experience
This is why I offer ipsec ipsec-l2tp for roadwarriors. So the use has 3 methods to gain access. Other advantages, ipsec is native to some degree on every modern OS device from a simple iphone to window8 or MACOSX. It's also impervious to being hack, intercept, with the use of PFS of some layer7 device trying to do HTTPS inspection
I find it rarer that a hotspot/hotel/airport/home-depot/starbucks ( you get the drift ) will block ESP ( protocol 50 ) or IKE.
It's ( ipsec ) also less CPU intensive and specially on smaller or older fortigate hardware
PCNSE
NSE
StrongSwan
this might seems like a stupid question, but
Do you need to setup a seperate tunnel for every client?
or can multiple remote clients use the same connection at the same time using the same policy ( like the ssl vpn does?)
No, the ipsec dialup will support multiple clients. Google forinet cookbook ipsec vpn for the howto.
PCNSE
NSE
StrongSwan
thanks, that is working ( ipsec remote client)
testing to see if it is any better than the ssl vpn we have had nothing but problems with.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1721 | |
1098 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.