cravikumar
Staff
Article Id 265078
Description

This article describes an issue where a VDOM admin is not able to log into each VDOM; only the global admin can log into the FortiGate. A solution is offered.

Scope

Any supported version of FortiGate.
Solution

Example of a VDOM admin:

 

    edit "test-admin"
        set remote-auth enable
        set trusthost1 10.10.10.0 255.255.255.0
        set vdom "VPR6CBRO01"
        config gui-dashboard
        end
        set wildcard enable
        set remote-group "Test-Admin"
    next

 

Example of a global admin:

 

    edit "Global_Admin"
        set remote-auth enable
        set trusthost1 192.168.1.0 255.255.255.0
        set accprofile "super_admin"
        set vdom "root"
        set gui-ignore-release-overview-version "6.4.1"
        set wildcard enable
        set remote-group "admin"

 

When FortiOS receives a system login request, it first looks for a system admin account whose name exactly matches the requested name. If it cannot find an exact match, FortiOS looks for a wildcard system admin account and chooses either a global or a VDOM-specific account, depending on which comes first in the list. So when a global wildcard account sits above the VDOM wildcard accounts, it is the one selected for a VDOM admin's login.

To solve this issue, reorder the list so that the VDOM-restricted remote and wildcard accounts are at the top and the global remote and wildcard accounts are at the bottom.
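The ordering rule above can be checked offline against an exported admin configuration. The script below is an added example, not Fortinet's code: it lists VDOM wildcard accounts that sit below a global wildcard account. It assumes that accprofile "super_admin" identifies the global account, as in the example on this page, and the sample configuration is constructed.

```python
import shlex

# Constructed sample shaped like the two accounts on this page, with the
# global wildcard account listed first (the order that causes the issue).
SAMPLE = '''
config system admin
    edit "Global_Admin"
        set remote-auth enable
        set accprofile "super_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "admin"
    next
    edit "test-admin"
        set remote-auth enable
        set vdom "VPR6CBRO01"
        config gui-dashboard
        end
        set wildcard enable
        set remote-group "Test-Admin"
    next
end
'''

def parse_admins(text):
    """Return the admin entries in list order as (name, {setting: value})."""
    admins, depth = [], 0
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] == "config":      # depth 1 is the admin table itself
            depth += 1
        elif tok[0] == "end":       # closes a nested block or the table
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            admins.append((tok[1], {}))
        elif depth == 1 and tok[0] == "set" and admins:
            admins[-1][1][tok[1]] = " ".join(tok[2:])
    return admins

def shadowed_vdom_wildcards(text):
    """Names of VDOM wildcard accounts listed after a global wildcard account."""
    # Assumption: accprofile "super_admin" marks the global account.
    seen_global, hits = False, []
    for name, cfg in parse_admins(text):
        if cfg.get("wildcard") != "enable":
            continue
        if cfg.get("accprofile") == "super_admin":
            seen_global = True
        elif seen_global:
            hits.append(name)
    return hits
```

An empty result means every VDOM wildcard account is already above the global wildcard accounts.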
