Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Baptiste
Contributor II

Created on ‎04-13-2016 06:34 AM

Admin and Guest account

Hi,

I'm using an "admin-guest" that can only create guest account.

I can choose if username/password are auto-generated, that's working fine.

 

I'm missing a parameter : I would like to restrict expiration time (lock the parameter with the one I want)

for example admin-guest-1 can only create guest accounts with 4 hours validity after login (and this admin can't change this setting)

and admin-guest-2 can create guest account with 30 days validity after login (and this admin can't change this setting)

and so on...

 

Is there a way to achieve this ?

 

Thanks !

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
5285
0 Kudos
4 REPLIES 4
xsilver_FTNT
Staff
Staff

Created on ‎04-13-2016 12:39 PM

Hello,

as this is not currently supported then the usual way is to open NFR (new feature request).

Check with your closest Fortinet sales representative.

Kind regards,

Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

1728
0 Kudos
Jeff_FTNT
Staff
Staff
In response to xsilver_FTNT

Created on ‎04-13-2016 04:01 PM

You may create two different Guest Group with different option. Then user in different have different  restrict, thanks.

1728
0 Kudos
Baptiste
Contributor II
In response to Jeff_FTNT

Created on ‎05-26-2016 01:50 AM

Hello, thank you for you feedback

@jeff : there will be two different settings, but as it is not locked, guest admins can change that

I think it's a mistake because username & password settings are locked

 

I will go thru NFR process, I will post any info

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Preview file
25 KB
1728
0 Kudos
Baptiste
Contributor II
In response to Baptiste

Created on ‎05-26-2016 02:17 AM

Ok, I was doing a last test while writing my NFR, there is another thing annoying : auto-generated login & password can be change after creation. Ok for password changing, not for username !

 

Here is my NFR send to my Fortinet sales representative :

 

  -------------------------------------------------------------------------

I'm using an "admin-guest" that can only create guest account. I can choose if username/password are auto-generated,  “admin-guest” can’t change it, settings are locked.

But it’s only when creating a new user… auto-generated login & password can be change after. Ok for password changing, not for username !   In order to enforce Internet Access Policy, I ask for :

1st] restrict expiration time (lock the parameter with the one I want on guest-group) for example Wifi-Guest-Daily is a guest-group with 8 hours validity after login and Wifi-Guest-Month is a guest-group with 30 days validity after login and so on...

 

2nd] those settings come with the one above :

ability to restrict (or not) an admin-guest from changing :

Username

Password

Expiration date

-------------------------------------------------------------------------

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
1728
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.