Description
This article provides the information on changing the Management GUI port of FortiAuthenticator
Solution
The GUI port of FortiAuthenticator cannot be changed, it is hard coded to HTTPS/443
However, the FortiAuthenticator can be set to specify in the push message a different port over which it can be contacted, to make a DNAT on the FortiGate for incoming traffic.
For example.
1) From the GUI go to System -> Administration -> System Access and under 'Public IP/FQDN for FortiToken Mobile' set <public_IP>:10443.
2) On the FortiGate, create a VIP object to map incoming traffic from <public_IP>:10443 to <FAC_IP>:443.
It is recommended to reboot the FortiAuthenticator once the above configuration has been done on units to make sure that the web service is restarted and the new port is applied to it on FortiAuthenticator.
Also, it is necessary that the FortiGate has its local push service disabled.
Note.
It is the workaround just to try to use some other GUI port for FortiAuthenticator, it is not the solution for the option to change the GUI port on FortiAuthenticator, feel free to submit it as a new feature request (NFR) to the local Fortinet sales representative.
