FortiGate Tip: How to Change WAN Web Access Port After Configuring IPsec VPN

When you configure an IPsec Site-to-Site VPN on a FortiGate firewall (especially models like 40F, 60F, 80F), you may suddenly lose access to the web GUI on the WAN interface (port 443).
FortiGate also shows a warning during IPsec setup that HTTPS access on the WAN may be affected.

This happens because the VPN configuration can modify interface roles, local-in policies, and route priorities, which sometimes blocks the default management port (443).


✅ Solution: Change the WAN Web Administration Port

To restore access to the GUI, you can simply change the default HTTPS port to another port (for example, 8443).

Step 1: Connect to the firewall using SSH

Use any SSH client:

ssh admin@<WAN-IP>

Step 2: Change the HTTPS (GUI) Port

Run the following commands:

config system global
set admin-sport 8443
end

This will move the web GUI from port 443 to 8443.

You can now access the GUI using:

https://<WAN-IP>:8443

Step 3: Ensure WAN Allows HTTPS Management

Verify that your WAN interface has HTTPS enabled:

config system interface
edit wan
set allowaccess ping https http ssh
end

If HTTPS is not allowed, you will not be able to access the GUI even with the new port.
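
As an added example (not part of the original tip and not Fortinet code), the Python script below parses pasted "show system global" and "show system interface" output and checks the settings from Steps 2 and 3 plus SSH recovery access, flagging unencrypted protocols left open on the WAN. The sample config and the function names parse_fortios and audit_wan_admin are constructed for illustration.

```python
import re

# Constructed sample: trimmed "show system global" / "show system interface" output.
SAMPLE_CONFIG = """\
config system global
    set admin-sport 8443
end
config system interface
    edit "wan"
        set allowaccess ping https http ssh
    next
end
"""

def parse_fortios(text):
    """Return {section: {entry: {key: [values]}}} for top-level config blocks."""
    tree, section, entry, depth = {}, None, "", 0
    for raw in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)]
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1  # nested config blocks (depth > 1) are skipped
            if depth == 1:
                section, entry = " ".join(tok[1:]), ""
                tree.setdefault(section, {})
        elif tok[0] == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            entry = tok[1]
        elif depth == 1 and tok[0] == "next":
            entry = ""
        elif depth == 1 and tok[0] == "set" and len(tok) > 1:
            tree[section].setdefault(entry, {})[tok[1]] = tok[2:]
    return tree

def audit_wan_admin(text, wan="wan"):
    """Check admin-sport, WAN allowaccess and the SSH recovery path."""
    cfg = parse_fortios(text)
    port = int(cfg.get("system global", {}).get("", {}).get("admin-sport", ["443"])[0])
    access = set(cfg.get("system interface", {}).get(wan, {}).get("allowaccess", []))
    findings = []
    if port == 443:  # an unset admin-sport means the default, 443
        findings.append("admin-sport is still 443")
    for need in ("https", "ssh"):  # GUI access and the CLI recovery path
        if need not in access:
            findings.append(f"{wan}: {need} missing from allowaccess")
    findings += [f"{wan}: {p} is unencrypted management access" for p in sorted(access & {"http", "telnet"})]
    return port, findings
```

Note that set allowaccess replaces the interface's whole access list rather than adding to it, so every protocol you want to keep must appear in that one command.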


🛑 Why This Happens

When you configure an IPsec tunnel:

  • The firewall may add local-in rules for VPN services
  • Port 443 may be reserved for SSL-VPN
  • Administrative access settings may reset
  • Routing priority for WAN changes

As a result, HTTPS on port 443 becomes unavailable from the WAN, but SSH remains accessible.


🎯 Tip

Always keep SSH access enabled on WAN so you can recover remotely in case GUI access is blocked.


✔️ Final Result

After changing the admin port, your web interface will work again on:

👉 https://your-public-IP:8443

This simple fix restores full GUI management even after configuring IPsec VPN.