FortiGate: Change the HTTPS Management Port

KB ID 0001723

Problem

Like all firewalls that have ‘web management’ the default ports are 80 and 443 for insecure and secure management. IF you have secure (https) management on the outside interface of your firewall on the normal TCP port of 443. Then you can’t use the same interface to terminal SSLVPNs.

You can set SSL-VPN to use a different port of course, but for your remote workers who may be in hotels, or in locations where only web (port 80) and secure web/HTTP (port 443) are only allowed that’s going to be a problem.

The lesser of the two evils is to change the secure web management port to something that is not 443!

Solution

Note: I’m talking about changing the TCP port, NOT the physical management port, if that’s what you are trying to do, then you simply enable that on the INTERFACE on the firewall like so;

FortiGate Change Management Port via CLI

Firstly to find out/check the port that https is currently configured on use;

show full | grep admin-sport

Then to change the port number (in this case to 4433) use;

config system global
set admin-sport 4433

Fortigate CLI Change https managment port

FortiGate Change Management Port via GUI

System > Settings  > Administration Settings > HTTPS Port.

Fortigate Change Managment Port

Change the port number accordingly > Apply  >After a while it will try and reconnect and probably fail, (that’s OK).

Fortigate Change HTTPS Managment Port

Reconnect to the firewall using https://{IP-or-Hostname}:{Port-Number}

Fortigate Alternate HTTPS Managment Port

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *