Fortinet white logo
Fortinet white logo

Administration Guide

Configuring ports

Configuring ports

To improve security, the default ports for administrative connections to the FortiGate can be changed. Port numbers must be unique. If a conflict exists with a particular port, a warning message is shown.

When connecting to the FortiGate after a port has been changed, the port number be included, for example: https://192.168.1.99:100.

Note

Be aware of port conflicts with the IKE/IPsec TCP port. In 7.6.1 and later, the default IKE/IPsec TCP port is 443. If IPsec and GUI Management access are configured on the same interface, then IPsec access will take precedence.

See GUI warnings for IKE-TCP port conflicts for more details.

To configure the ports in the GUI:
  1. Go to System > Settings.
  2. In the Administration Settings section, set the HTTP, HTTPS, SSH, and Telnet ports.
  3. Enable Redirect to HTTPS to prevent HTTP from being used by administrators.
  4. Click Apply.
To configure the ports in the CLI:
config system global
    set admin-port <port>
    set admin-sport <port>
    set admin-https-redirect {enable | disable}
    set admin-ssh-port <port>
    set admin-telnet-port <port>    
end

Configuring ports

Configuring ports

To improve security, the default ports for administrative connections to the FortiGate can be changed. Port numbers must be unique. If a conflict exists with a particular port, a warning message is shown.

When connecting to the FortiGate after a port has been changed, the port number be included, for example: https://192.168.1.99:100.

Note

Be aware of port conflicts with the IKE/IPsec TCP port. In 7.6.1 and later, the default IKE/IPsec TCP port is 443. If IPsec and GUI Management access are configured on the same interface, then IPsec access will take precedence.

See GUI warnings for IKE-TCP port conflicts for more details.

To configure the ports in the GUI:
  1. Go to System > Settings.
  2. In the Administration Settings section, set the HTTP, HTTPS, SSH, and Telnet ports.
  3. Enable Redirect to HTTPS to prevent HTTP from being used by administrators.
  4. Click Apply.
To configure the ports in the CLI:
config system global
    set admin-port <port>
    set admin-sport <port>
    set admin-https-redirect {enable | disable}
    set admin-ssh-port <port>
    set admin-telnet-port <port>    
end