FortiGate
kpanchal
Staff
Article Id 332753

Description

 

This article describes the reasons for a failed Admin login on FortiGate or an unsuccessful login on the FortiGate GUI.

 

Scope

 

FortiOS.

 

 

Solution

This issue is observed when someone attempts to log in to the FortiGate device using administrative credentials, but the login is unsuccessful.

This could be due to various reasons, such as an incorrect username or password, or because FortiGate considered the login attempt as potentially malicious.

 

To narrow down the cause of the issue:

  1. Review the Event Log Details: Review the steps in this article to check the event log details to gather more information about the failed login attempt. Look for specific error messages or codes that might provide insights into the reason for the failure.


 

  2. Check for Malicious Activity: Multiple failed login attempts could indicate a brute-force attack or unauthorized access attempts. Investigate the source IP address of the failed login attempts. If there is a pattern of suspicious activity, take appropriate measures such as blocking the IP address or implementing additional security measures.

  3. Account Lockout Policy: FortiGate may have an account policy configured which temporarily locks an account after a certain number of failed login attempts. Check if the administrator's account is locked and, if so, follow the appropriate procedure to unlock it.

    By default, the number of password retry attempts is set to three, allowing the administrator a maximum of three attempts at logging in to their account before they are locked out for a set amount of time (by default, 60 seconds).

 

 


 

Check the following configuration to see the lockout options:

 

config system global
    set admin-lockout-threshold <failed_attempts>
    set admin-lockout-duration <seconds>
end
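The event log review and source IP check described above can be scripted against exported event logs. The following is an added example, not code from the article or from Fortinet: it assumes logs in the FortiOS key=value text format with `srcip`, `user`, `action`, `status` and `reason` fields, uses constructed sample lines, and flags any source whose failures reach the default lockout threshold (three attempts) within the default lockout duration (60 seconds).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines modeled on key=value event logs (not real data).
SAMPLE_LOG = '''\
date=2024-08-01 time=10:00:01 type="event" subtype="system" user="admin" srcip=203.0.113.5 action="login" status="failed" reason="passwd_invalid"
date=2024-08-01 time=10:00:09 type="event" subtype="system" user="admin" srcip=203.0.113.5 action="login" status="failed" reason="passwd_invalid"
date=2024-08-01 time=10:00:20 type="event" subtype="system" user="root" srcip=203.0.113.5 action="login" status="failed" reason="name_invalid"
date=2024-08-01 time=10:05:00 type="event" subtype="system" user="jsmith" srcip=198.51.100.7 action="login" status="failed" reason="passwd_invalid"
date=2024-08-01 time=10:05:30 type="event" subtype="system" user="jsmith" srcip=198.51.100.7 action="login" status="success"
date=2024-08-01 time=11:30:00 type="event" subtype="system" user="jsmith" srcip=198.51.100.7 action="login" status="failed" reason="passwd_invalid"
'''

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict (quoted or bare values)."""
    return {k: q if q else b for k, q, b in KV.findall(line)}

def failed_admin_logins(text):
    """Yield (timestamp, srcip, user, reason) for each failed login event."""
    for line in text.splitlines():
        f = parse_line(line)
        if f.get("action") == "login" and f.get("status") == "failed":
            ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
            yield ts, f.get("srcip", "?"), f.get("user", "?"), f.get("reason", "?")

def flag_sources(text, threshold=3, window_s=60):
    """Return {srcip: summary} for sources with >= threshold failures within window_s."""
    by_ip = defaultdict(list)
    for ts, ip, user, reason in failed_admin_logins(text):
        by_ip[ip].append((ts, user, reason))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        # Slide a window of `threshold` consecutive failures over the sorted events.
        for i in range(len(events) - threshold + 1):
            burst = events[i:i + threshold]
            if burst[-1][0] - burst[0][0] <= timedelta(seconds=window_s):
                flagged[ip] = {"failures": len(events),
                               "users": sorted({u for _, u, _ in events}),
                               "reasons": sorted({r for _, _, r in events})}
                break
    return flagged

if __name__ == "__main__":
    for ip, info in flag_sources(SAMPLE_LOG).items():
        print(ip, info)
```

A source that tries several usernames in one burst, as the first sample address does, is a stronger indicator of guessing than a single administrator mistyping a password twice.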

 

 

Implement Two-Factor Authentication (2FA): Enable two-factor authentication for FortiGate administrators to add an extra layer of security. This can help prevent unauthorized access even if login credentials are compromised.

In v7.4.4 and v7.2.8, go to System -> Administrators.

 

 


 

To configure this in the CLI, see this document.