Hello,
I was wondering if it's possible to lock down a local admin account for console access only?
I know that you can do it in the global settings, but I only want to lock down one admin account with no MFA to console access only. I attempted to create an admin account and have its trusted host as 127.0.0.1/32 but got an error. I would like to do this in the trusted host if possible and avoid using a local-in policy. In the back of my mind I am thinking about cloud-based FortiGates that have been orphaned from internet access and can only be accessed through the cloud native console session.
FortiGate firmware version 7.2.10
Update:
When I tried applying 127.0.0.1/32 to the trusted host, I got the following error: "Ip address must be a class A, B, or C ip."
However, I did a 0.0.0.0/32 address and that worked. I confirmed I could reach the FortiGate console from Azure on that admin account. Would using a 0.0.0.0/32 address open any security risk?
Copyright 2024 Fortinet, Inc. All Rights Reserved.