Introduction
FortiGate firewalls are a crucial part of network security infrastructure, providing comprehensive threat protection for businesses of all sizes. As with any firewall, proper configuration and administration are essential to ensure optimal performance and security. One important aspect of managing a FortiGate device is configuring the HTTP and HTTPS ports used for administrative access. This article explores how to change these ports to enhance security and meet organizational requirements.
Understanding FortiGate Administrative Access
By default, FortiGate devices use port 80 for HTTP and port 443 for HTTPS to allow administrators to access the web-based management interface. While these are standard ports, changing them can provide an additional layer of security by obscuring the administrative interface from unauthorized users who scan networks for open ports.
Why Change the Default Ports?
- Avoid Port Conflict: Sometimes the default ports are already used by another application, such as a web server.
- Security Enhancement: Default ports are well-known and can be targeted by attackers. Changing them reduces the risk of automated attacks and scanning attempts.
- Compliance: Some organizations have compliance requirements that mandate the use of non-standard ports for management interfaces.
- Network Policy: Customizing port configurations may align with specific network policies or configurations.
How to Change the Default HTTP and HTTPS Ports on FortiGate
Prerequisites
- Back up the configuration before making any change.
- Administrative access to the FortiGate device.
- Ensure that the new ports do not conflict with other services.
Steps to Change Ports
- Access the FortiGate Web Interface:
  - Open a web browser and enter the IP address of your FortiGate device.
  - Log in with administrative credentials.
- Navigate to the Settings:
  - Go to System > Settings.
- Modify the Ports:
  - Locate the Administrator Settings section.
  - Find the HTTPS Port and HTTP Port fields (my recommendation is to disable HTTP access to the firewall via the WAN interface).
  - Enter your desired port numbers. Ensure these ports are not in use by other services.
- Apply Changes:
  - Click Apply to save the changes.
  - You may need to update any bookmarks or scripts that reference the old port numbers.
- Test Access:
  - Attempt to access the FortiGate interface using the new ports to confirm the changes are successful.
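
A scripted version of the Test Access step, as an added example that is not part of the original article: it confirms that the new admin port answers and reports if the default ports 80 and 443 still accept connections. The function names `probe` and `check_admin_ports`, port 8443 and the address 192.0.2.1 are assumptions chosen for illustration.

```python
import socket

DEFAULT_PORTS = {80: "HTTP", 443: "HTTPS"}  # FortiGate defaults named in the article


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, host unreachable and similar
        return "filtered"


def check_admin_ports(host, new_https, new_http=None,
                      old_ports=DEFAULT_PORTS, timeout=2.0):
    """Compare listener state after the change with what the change intended.

    new_http=None means HTTP admin access is meant to be disabled on this
    interface. Returns a list of problems; an empty list means the check passed.
    """
    problems = []
    if probe(host, new_https, timeout) != "open":
        problems.append(f"new HTTPS admin port {new_https} is not reachable")
    if new_http is not None and probe(host, new_http, timeout) != "open":
        problems.append(f"new HTTP admin port {new_http} is not reachable")
    for port, name in old_ports.items():
        if port in (new_https, new_http):
            continue  # the old number was deliberately kept
        if probe(host, port, timeout) == "open":
            # Could also be another service (for example a published web
            # server), so confirm by hand what is listening there.
            problems.append(f"default {name} port {port} still accepts connections")
    return problems


if __name__ == "__main__":
    # 192.0.2.1 is a documentation address; use the firewall's management IP.
    for line in check_admin_ports("192.0.2.1", new_https=8443) or ["all checks passed"]:
        print(line)
```

Run it from each network segment that should, and should not, reach the management interface, since the result depends on where the check originates.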