Can I disable Ipsec VPN ? ( I want to block UDP 500, 4500 Port from the outside. -> It is now open.)

  • 1.  Can I disable Ipsec VPN ? ( I want to block UDP 500, 4500 Port from the outside. -> It is now open.)

    Posted Jan 30, 2018 05:35 AM

    Can I disable Ipsec VPN ?

    or I want to be able to connect only from specified ip.

    ( I want to block UDP 500, 4500 Port from the outside -> It is now open. )

    I want to use SSL VPN only.

    ( Fortigate 110C, v5.2.0 )

     



  • 2.  RE: Can I disable Ipsec VPN ? ( I want to block UDP 500, 4500 Port from the outside. -> It is now open.)

     
    Posted Feb 06, 2018 10:17 PM

    You can configure a local-in policy from the CLI and block port 4500 and port 500 to the FortiGate.

    config firewall local-in-policy

    Rony Moussa

    NSE Certified : Level 8



  • 3.  RE: Can I disable Ipsec VPN ? ( I want to block UDP 500, 4500 Port from the outside. -> It is now open.)

    Posted May 12, 2018 02:35 AM

    It would be cleanest to remove the IPsec config if you plan not to use it. A local-in policy is the way to narrow down the source by address, range or country if you need the IPsec VPN.

    As best practice, move the SSLVPN port to a higher number, e.g. 30443. Would be more difficult to hit without extensive port scanning. Only drawback: some hotels could be overprotective and not allow high ports/non-standard ports.



  • 4.  RE: Can I disable Ipsec VPN ? ( I want to block UDP 500, 4500 Port from the outside. -> It is now open.)

    Posted May 14, 2018 12:40 AM

    Hi,

    You can disable it or can set some specific Public IP to allow access to the VPN. This can be achieved from policy configuration.

     

    Regards,

    Deepak Kumar
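
The local-in policy approach from replies 2 and 3, written out as an added example that is not part of any post in this thread. It assumes the internet-facing interface is named "wan1"; the address 203.0.113.10 and both object names are constructed placeholders, and the lines starting with # are annotations to drop before pasting.

```text
# Constructed example: restrict IKE (UDP 500) and NAT-T (UDP 4500) on the
# FortiGate itself to one permitted peer and drop it from everyone else.
config firewall address
    edit "ipsec-allowed-peer"
        # placeholder peer address (documentation range)
        set subnet 203.0.113.10 255.255.255.255
    next
end
config firewall service custom
    edit "IKE-UDP-500-4500"
        set protocol TCP/UDP/SCTP
        set udp-portrange 500 4500
    next
end
config firewall local-in-policy
    # Rule 1: accept IKE/NAT-T only from the permitted peer.
    edit 1
        set intf "wan1"
        set srcaddr "ipsec-allowed-peer"
        set dstaddr "all"
        set action accept
        set service "IKE-UDP-500-4500"
        set schedule "always"
    next
    # Rule 2: deny the same ports from every other source.
    # Rules are matched top-down, so this must come after rule 1.
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "IKE-UDP-500-4500"
        set schedule "always"
    next
end
# Review the resulting rule order:
show firewall local-in-policy
```

To block the ports for all sources instead of restricting them, leave out the address object and rule 1 so that only the deny rule remains.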