Can I disable Ipsec VPN ?
or I want to be able to connect only from specified ip.
( I want to block UDP 500, 4500 Port from the outside -> It it now open. )
I want to use SSL VPN only.
( Fortigate 110C, v5.2.0 )
You can configure a local in policy from CLI and block port 4500 and port 500 to the fortigate.
config firewall local-in-policy
NSE Certified : Level 8
It would be cleanest to remove the IPsec config if you plan not to use it. A local-in policy is the way to narrow down the source by address, range or country if you need the IPsec VPN.
As best practice, move the SSLVPN port to a higher number, e.g. 30443. Would be more difficult to hit without extensive port scanning. Only drawback: some hotel could be overprotective and not allow high ports/non-standard ports.
You can disable it or can set some specific Public IP to allow access to the VPN. This can archive from policy configuration.
Products Solutions Support Partners Threat Research Contact Us