Description | This article describes how a per-VDOM administrator can access the FortiGate only through a network interface that is assigned to the VDOM the administrator is assigned to. The interface must also be configured to allow management access. Users can also connect to the FortiGate using the console port. |
Scope | FortiGate v7.2.1 |
Solution |
Under the 'Global' VDOM, allocate the LAN interface to the existing VDOM 'South'.
In the 'South' VDOM, the newly allocated interface is now visible.
Then create the LDAP remote server and an LDAP user group under the 'South' VDOM; these will be used to authenticate the administrator when logging in to the FortiGate.
In the 'Global' VDOM, create a wildcard LDAP administrator that will have access to the FortiGate only over the network interface (port9) that belongs to VDOM 'South'.
Test FortiGate GUI access from a remote workstation on the same subnet as network interface port9, which is assigned to the VDOM 'South'.
LDAP remote authentication is working.
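The three configuration steps above, expressed in the FortiOS CLI as an added example (this is not configuration from the original article). port9 and VDOM 'South' come from the article; the LDAP server address, DNs, bind account, object names, admin profile and trusted-host subnet are assumed placeholders that must be replaced.

```text
# --- Global VDOM: allocate port9 to VDOM South and allow management access on it ---
config global
    config system interface
        edit "port9"
            set vdom "South"                       # VDOM South already exists
            set allowaccess ping https ssh         # admin login needs management access enabled
        next
    end
end
# --- VDOM South: LDAP server and user group that authenticate the administrator ---
config vdom
    edit "South"
        config user ldap
            edit "LDAP-South"                      # assumed name
                set server "192.0.2.10"            # placeholder LDAP server address
                set cnid "sAMAccountName"
                set dn "dc=example,dc=com"         # placeholder base DN
                set type regular
                set username "cn=svc-fgt,cn=Users,dc=example,dc=com"   # placeholder bind account
                set password "REPLACE-ME"
                set secure ldaps                   # LDAPS so credentials are not sent in clear text
                set port 636
            next
        end
        config user group
            edit "LDAP-Admins"                     # assumed name
                set member "LDAP-South"
                config match                       # only members of this LDAP group may log in
                    edit 1
                        set server-name "LDAP-South"
                        set group-name "cn=fgt-admins,ou=Groups,dc=example,dc=com"   # placeholder
                    next
                end
            next
        end
    next
end
# --- Global VDOM: wildcard LDAP administrator restricted to VDOM South ---
config global
    config system admin
        edit "south-admins"                        # assumed name; wildcard, so any group member can log in
            set remote-auth enable
            set wildcard enable
            set remote-group "LDAP-Admins"         # group must exist in the VDOM assigned below
            set accprofile "prof_admin"            # built-in VDOM-scope profile; narrow it where possible
            set vdom "South"                       # admin can only manage VDOM South
            set trusthost1 192.0.2.0 255.255.255.0 # placeholder: limit the source subnet for logins
        next
    end
end
```

Because the user group lives in VDOM 'South' and the admin is bound to that VDOM, the account can only authenticate over an interface allocated to 'South' (here port9), which is the restriction the article demonstrates.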
Troubleshooting:
# diagnose debug console timestamp enable
Related KB article:
Copyright 2023 Fortinet, Inc. All Rights Reserved.