Staff

Technical Tip: Securing auto-generated admin users in a FortiGate cluster on the Google Cloud Platform

Forum|Forum|3 months ago
February 13, 2026
0 replies
195 views

Description

This article describes how to secure auto-generated admin users in a FortiGate cluster on Google Cloud Platform. The article provides a step-by-step guide on how to modify the prof_admin group profile to limit privileges and prevent unauthorized access.

Scope

FortiGate.

Solution

To secure the auto-generated admin users in a FortiGate cluster on Google Cloud Platform, follow these steps:

Go to System -> Admin and identify the auto-generated admin users with the profile 'prof_admin'.
Modify the 'prof_admin' group profile by going to System -> Admin -> Profile and selecting 'prof_admin'.
Set all permissions to 'None' to limit the privileges of the auto-generated admin users.

Alternatively, it is also possible to disable the OS Login feature by setting 'enable-oslogin' to 'FALSE' and 'block-project-ssh-keys' to 'TRUE' on the Google Cloud Platform side. However, this will prevent the use of the GCP Console SSH shortcut and gcloud SSH commands.

In general, it is recommended to configure Trusted Hosts to only allow access from trusted hosts and to set up local-in policies to deny SSH access from GCP subnets.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded