Technical Tip: Control various 'admin' users logging in at the same time

Description

This article describes how many 'admin' users can log in at the same time.

Scope

FortiGate.

Solution

There is a limit to the number of administrators that can log on to a FortiGate unit using the 'admin' account when using the web-based/SSH manager.

It can be applied with the following command:

config system  global                                                        
    set admin-login-max                                                        
    admin-login-max             <----- Enter an integer value from <1> to <100> (default = <100>).
end

Note:

If a single active admin login is required for audit purposes, the below commands can be used: Technical Tip: Restricting multiple admin sessions from the same admin user.

config system  global                                                        
    set admin-login-max                                                        
    set admin-concurrent disable
end

Result when a maximum number of active administrator sessions has been reached:

For Auditing purpose Admin lockout can be defined as well:

config system global
    set admin-lockout-threshold <failed_attempts>
    set admin-lockout-duration <seconds>
end

For Auditing purpose Admin time out can be defined as well:

config system global
    set admintimeout <minutes>
end

Related articles:

Technical Tip: System administrator best practices for FortiGate and FortiProxy

Technical Tip: How to set a maximum number of logged-in administrators