FortiGate Administration HTTP and HTTPS Port
The default HTTP and HTTPS ports (80 and 443) are commonly used across various systems and networks, making them well-known to potential attackers. In a security-focused network environment, changing the default administration ports for HTTPS and HTTP on your firewall or router can be a simple yet effective way to enhance security.
Introduction
FortiGate firewalls are a crucial part of network security infrastructure, providing comprehensive threat protection for businesses of all sizes. As with any firewall, proper configuration and administration are essential to ensure optimal performance and security. One important aspect of managing a FortiGate device is configuring the HTTP and HTTPS ports used for administrative access. This article explores how to change these ports to enhance security and meet organizational requirements.
Understanding FortiGate Administrative Access
By default, FortiGate devices use port 80 for HTTP and port 443 for HTTPS to allow administrators to access the web-based management interface. While these are standard ports, changing them can provide an additional layer of security by obscuring the administrative interface from unauthorized users who scan networks for open ports.
Why Change the Default Ports?
- Avoid Port Conflict: Sometimes the default ports are already used by another application, such as a web server.
- Security Enhancement: Default ports are well-known and can be targeted by attackers. Changing them reduces the risk of automated attacks and scanning attempts.
- Compliance: Some organizations have compliance requirements that mandate the use of non-standard ports for management interfaces.
- Network Policy: Customizing port configurations may align with specific network policies or configurations.
How to Change the Default HTTP and HTTPS Ports on FortiGate
Prerequisites
- Back up the configuration before making any change.
- Administrative access to the FortiGate device.
- Ensure that the new ports do not conflict with other services.
Steps to Change Administration Ports
1: Access the FortiGate Web Interface
- Open a web browser and enter the IP address of your FortiGate device.
- Log in with administrative credentials.
2: Navigate to the Settings
- Go to System > Settings.
3: Modify the Ports
- Locate the Administrator Settings section.
- Find the HTTPS Port and HTTP Port fields (my recommendation is to disable HTTP access to the firewall via the WAN interface).
- Enter your desired port numbers. Ensure these ports are not in use by other services.
4: Apply Changes
- Click Apply to save the changes.
- You may need to update any bookmarks or scripts that reference the old port numbers.
5: Test Access
- Attempt to access the FortiGate interface using the new ports to confirm the changes are successful.
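To confirm the result of these steps from a configuration backup, the following added example (not from the original article or from Fortinet) parses FortiOS-style config text and reports admin ports still at 80/443 and interfaces that still allow HTTP administration. The setting names `admin-port`, `admin-sport` and `allowaccess` are FortiOS CLI names that do not appear on this page, the sample backup is constructed, and the script assumes a setting missing from the backup is at its default.

```python
DEFAULTS = {"admin-port": 80, "admin-sport": 443}  # HTTP and HTTPS admin port defaults
# Constructed sample backup, not taken from a real device.
SAMPLE = """\
config system global
    set admin-sport 8443
end
config system interface
    edit "wan1"
        set allowaccess ping https http
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "internal"
        set allowaccess ping https ssh
    next
end
"""

def parse_settings(text):  # returns {(section, entry): {setting: [values]}}
    settings, section, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # only top-level blocks open a new section
                section, entry = line[len("config "):], None
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            entry = line[5:].strip('"')
        elif depth == 1 and line == "next":
            entry = None
        elif depth == 1 and line.startswith("set "):  # nested sub-blocks are skipped
            key, *values = line[4:].split()
            settings.setdefault((section, entry), {})[key] = [v.strip('"') for v in values]
    return settings

def audit(text):
    """List findings. Assumption: a setting absent from the backup is at its default."""
    cfg, findings = parse_settings(text), []
    glob = cfg.get(("system global", None), {})
    for key, default in DEFAULTS.items():
        if int(glob.get(key, [default])[0]) == default:
            findings.append(f"{key} is still the default ({default})")
    for (section, entry), values in cfg.items():
        if section == "system interface" and "http" in values.get("allowaccess", []):
            findings.append(f"interface {entry} allows HTTP administration")
    return findings
```

Run `audit()` on the text of the backup taken before the change and again on one taken after it; an empty list after the change means both ports were moved and no interface still accepts HTTP administration.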