mbilgrav
New Contributor

How to restrict use of local admin, when remote server is running ... on FM & FAZ

hiya,
This will be my first post in this forum!

Reading https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restrict-local-admin-authentication-when-r...

and I am already running this on my FortiGates, I need to do the same RBAC on FM & FAZ.

However, I'm unable to find the similar command in FM/FAZ.

How can this be done?

Debbie_FTNT
Staff

There is currently no equivalent setting on FortiManager/FortiAnalyzer, to prefer remote users over local users.

You can apply stringent trusted-host settings to the local admin accounts to limit where they can log in from, but a local admin will always be able to log in, even when LDAP/RADIUS/TACACS+ servers are reachable.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
mbilgrav
New Contributor

Thanks for the reply!
I have removed the 0-0 trusted hosts, plus set a "Zero-Permission" admin-profile on the admin user.
This effectively "disables" the user.
Also, I found a tech-tip in here to completely delete the admin user, if so required, but this involved doing a backup, editing the system.conf, and restoring ... somewhat cumbersome.

On the FortiGates, I simply issue: delete admin
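
An added example, not part of the thread and not Fortinet code: a Python check that reads an exported `config system admin user` block and lists the local accounts whose trusted hosts still allow any source address, the hardening step discussed above. The sample config, the account names, and treating a missing `user_type` as local and a missing `trusthost` line as unrestricted are assumptions.

```python
import re

# Constructed sample in the style of a FortiManager/FortiAnalyzer CLI export;
# account names, profile names and addresses are made up for illustration.
SAMPLE_CONFIG = '''\
config system admin user
    edit "admin"
        set profileid "No_Permission"
        set trusthost1 192.0.2.10 255.255.255.255
    next
    edit "breakglass"
        set profileid "Super_User"
        set trusthost1 0.0.0.0 0.0.0.0
    next
    edit "jdoe"
        set user_type ldap
        set trusthost1 0.0.0.0 0.0.0.0
    next
end
'''
ANY_HOST = ("0.0.0.0", "0.0.0.0")

def parse_admins(text):
    """Return {name: {"user_type": str, "trusthosts": [(ip, mask), ...]}}."""
    admins, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if depth == 0:
            depth = 1 if line == "config system admin user" else 0
        elif line.startswith("config "):   # nested sub-table: skip its contents
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.fullmatch(r'edit "?([^"]+)"?', line)):
            # Assumption: an entry without user_type is a local account.
            current = admins.setdefault(m.group(1), {"user_type": "local", "trusthosts": []})
        elif depth == 1 and current is not None:
            if m := re.fullmatch(r"set user_type (\S+)", line):
                current["user_type"] = m.group(1)
            elif m := re.fullmatch(r"set trusthost\d+ (\S+) (\S+)", line):
                current["trusthosts"].append((m.group(1), m.group(2)))
    return admins

def unrestricted_local_admins(text):
    """Local accounts with no trusted host listed, or one that allows any source."""
    return sorted(name for name, a in parse_admins(text).items()
                  if a["user_type"] == "local"
                  and (not a["trusthosts"] or ANY_HOST in a["trusthosts"]))

if __name__ == "__main__":
    print(unrestricted_local_admins(SAMPLE_CONFIG))
```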
