AEK
SuperUser
February 14, 2026
Question

Disable ssh direct root access on FortiSIEM


Hello FSM admins

In the FSM hardening guide they didn't mention disabling direct root ssh access, while it is a general security recommendation.

In that case have they just forgotten to mention it or is this just not applicable to FSM?

I mean does it have any impact to disable direct root ssh access?

I ask this question because I remember one day I did the same on my old FortiNAC (9.x) and there was a negative impact on the software update, which was not able to run. So I wonder if there will be any negative impact on FSM.

1 reply

Secusaurus
Contributor III
February 16, 2026

Hi @AEK,

In my experience, you are doing a lot on the shell. Troubleshooting, health monitoring, parser refinements, remediation script testing and, most important, upgrades (copying the packages via ssh/scp is far easier than serving and downloading them from a custom server).

Meaning, you will very frequently need admin access to the shell, and that's easier via ssh, though not necessary.

I did not hear about a negative impact, but that's probably because no one tested :D

If you want to limit the ssh-access, I'd propose a firewall in front of the cluster - which you would like to have anyways.

Best,

Christian

NSE8 | Fortinet Advanced MSSP Partner
AEK (Author)
SuperUser
February 16, 2026

Hello Secusaurus

Thanks for your feedback.

The firewall option is indeed a good idea, but my concern here is to block "direct" root access via ssh, while allowing regular admin ssh access (for authorized users), so they can use su/sudo to switch to the root account.

I just got a response from TAC support, who informed me that this has no impact on any SIEM service, so I'll go ahead and disable direct root access.

In case I have any negative impact I'll share it here.

AEK
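
Added example, not part of the original thread and not Fortinet's procedure: a pre-change check for the approach described in the post above (block direct root SSH, keep admin SSH plus su/sudo). It assumes a stock OpenSSH `sshd_config` and a `wheel` admin group; the function names, account names and sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Sample files below are constructed.

# Effective *global* PermitRootLogin of an sshd_config-style file.
# sshd keeps the first value it reads for a keyword, and lines after a
# "Match" line are conditional; the OpenSSH default is prohibit-password.
# Include files are not followed: on a live host, "sshd -T" is authoritative.
effective_root_login() {
  awk '
    $1 ~ /^#/                        { next }
                                     { sub(/=/, " ") }   # keyword=value form
    tolower($1) == "match"           { exit }
    tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
    END { if (!found) print "prohibit-password" }
  ' "$1"
}

# Accounts that can still log in and escalate once root is blocked:
# not root, a real login shell, listed as a member of the admin group.
admin_candidates() {   # $1 = passwd file, $2 = group file, $3 = admin group
  _members=$(awk -F: -v g="$3" '$1 == g { print $4 }' "$2")
  awk -F: -v m=",${_members}," '
    $1 != "root" && $7 !~ /(nologin|false)$/ && index(m, "," $1 ",") { print $1 }
  ' "$1"
}

# Succeeds only when disabling direct root login would not lock admins out.
safe_to_disable_root() {   # same arguments; group defaults to wheel (assumed)
  [ -n "$(admin_candidates "$1" "$2" "${3:-wheel}")" ]
}

# --- constructed sample data -------------------------------------------
demo=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'PermitRootLogin no' \
  'Match Address 192.0.2.0/24' '    PermitRootLogin no' > "$demo/sshd_config"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
  'opsadmin:x:1000:1000::/home/opsadmin:/bin/bash' \
  'svcacct:x:1001:1001::/home/svcacct:/sbin/nologin' > "$demo/passwd"
printf '%s\n' 'wheel:x:10:opsadmin,svcacct' > "$demo/group"

echo "effective PermitRootLogin: $(effective_root_login "$demo/sshd_config")"
if safe_to_disable_root "$demo/passwd" "$demo/group"; then
  echo "admin accounts available: $(admin_candidates "$demo/passwd" "$demo/group" wheel)"
else
  echo "no non-root admin account found; do not disable root login yet"
fi
```

In the constructed config the effective value is `yes`, because the first uncommented `PermitRootLogin` line wins and the later `no` is ignored.
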
aebadi
Staff
February 16, 2026

Hi @AEK,

When it comes time to troubleshoot issues or collect logs, Support will typically require SSH access to the system. While you can access the VM console through the hypervisor, that does not always allow for an efficient troubleshooting session. Many diagnostic commands need to be copied and pasted, and that is much easier and more reliable over SSH.

Additionally, if you plan to configure HA, the nodes must be able to communicate properly with each other, including secure remote access between systems. Blocking or restricting SSH between nodes can interfere with certain operations and future maintenance activities.

For these reasons, limiting SSH access can create challenges during troubleshooting and system management.