| Description | This article describes how to configure local administrator accounts that can only be accessed through the console port. |
| Scope | FortiGate. |
| Solution |
Create a local administrator account using the following:
```
config system admin
    edit "Console_admin"
        set trusthost1 0.0.0.0 255.255.255.255
        set accprofile "super_admin"
        set vdom "root"
        set password <set_password>
    next
end
```
Setting the trusted host to 0.0.0.0/32 restricts the account to a single IP address, 0.0.0.0, which cannot exist on a host, so no network login source can match it.
Accessing the FortiGate using a console connection:
Accessing the FortiGate without a console connection will be blocked:
date=2025-02-20 time=11:50:10 eventtime=1740070210821887210 tz="-0500" logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" sn="0" user="Console_admin" ui="https(10.10.10.2)" method="https" srcip=10.10.10.2 dstip=10.10.10.1 action="login" status="failed" reason="ip_blocked" msg="Administrator Console_admin login failed from https(10.10.10.2) because of blocked IP"
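A network login attempt against a console-only account is worth alerting on, since nobody should be using that account over HTTPS or SSH. The following is an added example, not Fortinet code: it parses event log lines like the one above and reports such attempts. The `CONSOLE_ONLY` set and the second and third sample lines are assumptions constructed for illustration.

```python
import re

# Accounts configured with trusthost1 0.0.0.0 255.255.255.255 (assumed list).
CONSOLE_ONLY = {"Console_admin"}

# key=value pairs; values may be double-quoted and contain spaces.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_event(line):
    """Turn one FortiGate event log line into a dict of its fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}

def network_attempts(lines, console_only=CONSOLE_ONLY):
    """Return (timestamp, user, srcip, method) for each blocked network
    login aimed at a console-only account."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if (ev.get("logid") == "0100032002"        # "Admin login failed"
                and ev.get("reason") == "ip_blocked"
                and ev.get("user") in console_only):
            hits.append((f'{ev.get("date")} {ev.get("time")}', ev["user"],
                         ev.get("srcip"), ev.get("method")))
    return hits

SAMPLE = [
    # Log line from the article.
    'date=2025-02-20 time=11:50:10 eventtime=1740070210821887210 tz="-0500" logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" sn="0" user="Console_admin" ui="https(10.10.10.2)" method="https" srcip=10.10.10.2 dstip=10.10.10.1 action="login" status="failed" reason="ip_blocked" msg="Administrator Console_admin login failed from https(10.10.10.2) because of blocked IP"',
    # Constructed: SSH attempt against the same console-only account.
    'date=2025-02-20 time=11:52:41 logid="0100032002" type="event" subtype="system" level="alert" user="Console_admin" ui="ssh(10.10.10.3)" method="ssh" srcip=10.10.10.3 dstip=10.10.10.1 action="login" status="failed" reason="ip_blocked"',
    # Constructed: blocked login for an account that is not console-only.
    'date=2025-02-20 time=11:53:02 logid="0100032002" type="event" subtype="system" level="alert" user="other_admin" ui="https(10.10.10.4)" method="https" srcip=10.10.10.4 dstip=10.10.10.1 action="login" status="failed" reason="ip_blocked"',
]

if __name__ == "__main__":
    for hit in network_attempts(SAMPLE):
        print("console-only account tried over the network:", *hit)
```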
Related articles: Technical Tip: Restrict local admin authentication when remote authentication server is running. |