Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kpanchal
Staff
Staff

Created on ‎08-13-2024 12:12 PM Edited on ‎02-18-2025 10:09 PM By Community Manager

Article Id 332753

Troubleshooting Tip: Reasons for failed Admin login on FortiGate or an unsuccessful login on FortiGate GUI

Description

 

This article describes the reasons for a failed Admin login on FortiGate or an unsuccessful login on the FortiGate GUI.

 

Scope

 

FortiOS.

 

Solution

 

This issue is observed when someone attempts to log in to the FortiGate device using administrative credentials, but the login is unsuccessful.

This could be due to various reasons, such as an incorrect username or password, or because FortiGate considered the login attempt as potentially malicious.

 

To narrow down the cause of the issue:

  1. Review the Event Log Details: Review the steps in: Technical Tip: How to check failed admin logins from the GUI and CLI to check the event log details to gather more information about the failed login attempt. Look for specific error messages or codes that might provide insights into the reason for the failure.

000.PNG

 

Capture.PNG

 

  1. Check For Malicious Activity: Multiple failed login attempts could indicate a brute-force attack or unauthorized access attempts. Investigate the source IP address of the failed login attempts. If there is a pattern of suspicious activity, take appropriate measures such as blocking the IP address or implementing additional security measures.

  2. Account Lockout policy: FortiGate may have an account policy configured which temporarily locks an account after a certain number of failed login attempts. Check if the administrator's account is locked and, if so, follow the appropriate procedure to unlock it.

By default, the number of password retry attempts is set to three, allowing the administrator a maximum of three attempts at logging in to their account before they are locked out for a set amount of time (by default, 60 seconds).

003.png

 

Check the following configuration to see the lockout options:

 

config system global

set admin-lockout-threshold <failed_attempts>

set admin-lockout-duration <seconds>

end

 

 

Implement Two-Factor Authentication (2FA): Enable two-factor authentication for FortiGate administrators to add an extra layer of security. This can help prevent unauthorized access even if login credentials are compromised.

In v7.4.4 and v7.2.8, go to System -> Administrators.

 

004.png

 

To configure this in the CLI, see: Add FortiToken multi-factor authentication.

 

In addition to the above troubleshooting:

Ensure that the admin account is not administratively restricted by certain session limits. If multiple administrators are sharing the same credentials, check whether the admin account has session limits configured that could be causing login issues. Refer to the following articles for more details:

How to set a maximum number of logged-in administrators

Restricting multiple admin sessions from the same admin user

3097
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.