hiya,
This will be my first post in this forum!
Reading https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restrict-local-admin-authentication-when-r...
and I am already running this on my FortiGates, I need to do the same RBAC on FM & FAZ.
However, I'm unable to find the similar command in FM/FAZ.
How can this be done?
There is currently no equivalent setting on FortiManager/FortiAnalyzer, to prefer remote users over local users.
You can apply stringent trusted-host settings to the local admin accounts to limit where they can log in from, but a local admin will always be able to log in, even when LDAP/RADIUS/TACACS+ servers are reachable.
Thanks for the reply!
I have removed the 0-0 trusted hosts, plus set a "Zero-Permission" admin-profile on the admin user.
This effectively "disables" the user.
Also, I found a tech-tip in here to completely delete the admin user, if so required, but this involved doing a backup, editing the system.conf, and restoring ... somewhat cumbersome.
On the FortiGates, I simply issue: delete admin