FortiGate: Change the HTTPS Fortigate Management Port

KB ID 0001723

Problem

Like all firewalls that have ‘web management’ the default ports are 80 and 443 for insecure and secure management. IF you have secure (https) management on the outside interface of your firewall on the normal TCP port of 443. Then you can’t use the same interface to terminal SSLVPNs. So you will need to change the FortiGate Management Port.

You can set SSL-VPN to use a different port of course, but for your remote workers who may be in hotels, or in locations where only web (port 80) and secure web/HTTP (port 443) are only allowed that’s going to be a problem.

The lesser of the two evils is to change the secure web management port to something that is not 443!

Changing the Fortigate Management Port (HTTPS)

Note: I’m talking about changing the TCP port, NOT the physical management port, if that’s what you are trying to do, then you simply enable that on the INTERFACE on the firewall like so;

FortiGate Change Management Port via CLI

Firstly to find out/check the port that https is currently configured on use;

[box]

show full | grep admin-sport

[/box]

Then to change the port number (in this case to 4433) use;

[box]

config system global
set admin-sport 4433

[/box]

FortiGate Change Management Port via GUI

System > Settings  > Administration Settings > HTTPS Port.

Change the port number accordingly > Apply  >After a while it will try and reconnect and probably fail, (that’s OK).

Reconnect to the firewall using https://{IP-or-Hostname}:{Port-Number}

Related Articles, References, Credits, or External Links

NA

Leave a Reply

Your email address will not be published. Required fields are marked *