Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
PIDDLAW
New Contributor III

changing the ssl vpn port to 443 when there is an exchange 2010 server published

we currently use port 10443 for our ssl vpn portal. we are finding that a lot of our road warriors are having trouble at airports and hotels etc.. where that port is blocked.

We currently have an exchange 2010 server published on the fortigate for active sync, outlook web access and outlook anywhere.

Will changing the ssl vpn port from 10443 to 443 screw up my users from being able to access active sync etc on the exchange server?

Has anyone done this or tried?

thanks

Dave

6 REPLIES 6
rwpatterson
Valued Contributor III

Only  one device can be present and listening on any socket (socket = IP address + port). The only ways around this would be to change the IP address and NAT, or to change the port and flip on the Fortigate VIP rule.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
veechee
New Contributor

Not a fix for your issue, but just a comment.

I change SSL VPN to port 443 on all my installations.  Many hotspots only allow port 80 and 443, or those plus a select few other ports these days.

emnoc
Esteemed Contributor III

Not a fix for your issue, but just a comment from my experience

 

This is why I offer  ipsec ipsec-l2tp for roadwarriors. So the use has 3 methods to gain access. Other advantages, ipsec is native to some degree on every modern OS device from a simple iphone to window8 or MACOSX. It's also impervious to being hack, intercept, with the use of PFS of some layer7 device trying to do HTTPS inspection

 

I find it rarer that a hotspot/hotel/airport/home-depot/starbucks ( you get the drift ) will block ESP ( protocol 50  ) or IKE.

 

It's ( ipsec ) also less CPU intensive and specially on smaller or older fortigate hardware

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
PIDDLAW
New Contributor III

this might seems like a stupid question, but

Do you need to setup a seperate tunnel for every client?

or can multiple remote clients use the same connection at the same time using the same policy ( like the ssl vpn does?)

emnoc
Esteemed Contributor III

No, the ipsec dialup  will support multiple  clients. Google  forinet cookbook ipsec vpn for the howto.

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
PIDDLAW
New Contributor III

thanks, that is working ( ipsec remote client)

testing to see if it is any better than the ssl vpn we have had nothing but problems with.

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors