Description | This article describes the case where it is not possible to log in to the FortiGate via SSH or the GUI with a local firewall user, while users that belong to a remote server (RADIUS, TACACS) can log in. |
Scope | FortiGate. |
Solution |
When it comes to local firewall users, the main reason is that admin-restrict-local is enabled in the global settings.
config system global
    set admin-restrict-local {enable | disable} <----- Default is set to disable.
end
If it is enabled, the user credential check is not performed against the local database and the local login is blocked. Instead, the request always queries the remote servers.
It is possible to confirm this by running the commands below in the CLI:
diagnose debug reset
diagnose debug application fnbamd -1
diagnose debug application authd -1
diagnose debug enable
After that, disable the debug output with 'diagnose debug disable'.
In the debug output, it is possible to see that the request is only forwarded to the remote server and not checked against the local database.
Perform the initial troubleshooting by following the below article: Troubleshooting Tip: Cannot access the FortiGate web admin interface (GUI)
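The same setting can also be checked offline in a saved configuration backup. The following is an added example, not part of the original article and not Fortinet code: `parse_settings` and `audit` are hypothetical names, the sample backup is constructed, and the `config system admin` layout with its `remote-auth` key is an assumption about how the backup lists administrator accounts.

```python
import shlex

# Constructed sample of a configuration backup (not taken from the article).
SAMPLE = '''\
config system global
    set admin-restrict-local enable
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "netops"
        set remote-auth enable
    next
end
'''

def parse_settings(text):
    """Map (top-level section, entry name or None) -> {key: value} for 'set' lines."""
    out, depth, section, entry = {}, 0, None, None
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:              # unbalanced quotes inside multi-line values
            tok = raw.split()
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                section, entry = " ".join(tok[1:]), None
        elif tok[0] == "end":
            depth = max(depth - 1, 0)
        elif tok[0] == "edit" and depth == 1 and len(tok) > 1:
            entry = tok[1]
            out.setdefault((section, entry), {})
        elif tok[0] == "next" and depth == 1:
            entry = None
        elif tok[0] == "set" and depth == 1 and len(tok) > 2:
            out.setdefault((section, entry), {})[tok[1]] = " ".join(tok[2:])
    return out

def audit(text):
    """Return (restriction enabled?, admin accounts that rely on the local database)."""
    cfg = parse_settings(text)
    # Assumption: a backup omits values left at default; the article's default is disable.
    value = cfg.get(("system global", None), {}).get("admin-restrict-local", "disable")
    local = sorted(n for (s, n), kv in cfg.items() if s == "system admin" and n
                   and kv.get("remote-auth", "disable") != "enable")
    return value == "enable", local
```

For the constructed sample, `audit(SAMPLE)` reports the restriction as enabled and names `admin` as the account that depends on the local database.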
|
Copyright 2025 Fortinet, Inc. All Rights Reserved.