FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hrahuman_FTNT
Staff & Editor
Staff & Editor
Article Id 197290

Description

 

This article describes how many 'admin' users can log in at the same time.

 

Scope

 

FortiGate.

 

Solution


There is a limit to the number of administrators that can log on to a FortiGate unit using the 'admin' account when using the web-based/SSH manager.

 

It can be applied with the following command:

 

config system  global                                                        
    set admin-login-max                                                        
    admin-login-max             <----- Enter an integer value from <1> to <100> (default = <100>).
end

 

Note:

If a single active admin login is required for audit purposes, the below commands can be used: Technical Tip: Restricting multiple admin sessions from the same admin user.

 

config system  global                                                        
    set admin-login-max                                                        
    set admin-concurrent disable
end

 

Result when a maximum number of active administrator sessions has been reached:

 

1.png

 

For Auditing purpose Admin lockout can be defined as well:

 

config system global
    set admin-lockout-threshold <failed_attempts>
    set admin-lockout-duration <seconds>
end

 

For Auditing purpose Admin time out can be defined as well:

 

config system global
    set admintimeout <minutes>
end

 

Related articles:

Technical Tip: System administrator best practices for FortiGate and FortiProxy

Technical Tip: How to set a maximum number of logged-in administrators