Sometimes it is necessary to have a particular FortiGate administrator be active only during working hours. To implement this, the following configuration is used:

Configure a firewall schedule to recur:

config firewall schedule recurring
    edit "Schedule_9_to_16"
        set start 09:00
        set end 16:00
        set day sunday monday tuesday wednesday thursday friday saturday
        set color 0
        set fabric-object disable
    next
end

The configuration above is only an example for a schedule 9:00 AM to 16:00 PM all days of the week, but could be adjusted only Monday to Friday, and a different time frame.

Set the schedule action under the desired admin user account:

config system admin
    edit "administrator"
        set accprofile "super_admin"
        set vdom "root" "DMZ_vdom"
        set schedule "Schedule_9_to_16"
        set password ENC SH23U/O9tEWZdFlUMau7jCdkeI2dY9vTAUdTe+zh+OeSwgVkqe31JXGZ5Az9Pw=
    next
end

The configured schedule will be based on the firewall's local time configured under 'config system global'.

config system global
    ....................
    set timezone "Europe/Berlin" <-----
    ....................
end

Example log of log in failure caused by scheduler:

date=2025-04-28 time=12:26:40 eventtime=1745836000627131916 tz="+0200" logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" sn="0" user="midnight" ui="https(12.1.2.1)" method="https" srcip=12.1.2.1 dstip=10.2.1.1 action="login" status="failed" reason="out_of_schedule" msg="Administrator midnight login failed from https(12.1.2.1) because of wrong time schedule"

Out of Schedule Failure

Related article:

Technical Tip: How to configure schedule policy with deny action