Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
betodejj
New Contributor II

FortiManager discovery & FortiGate local credentials

Hi Community,

 

I am looking for deep info about the relation between FortiManager discovery process & FortiGate local credentials after the discovery process. During the discovery process (onboarding new FGT) we use the local super user „123test“ and it works fine completing the discovery process but the question is what happens if we change the password of „123test“ on managed FGT? Is this local credential is still needed?

 

FMG training said, the discovery credentials (123test) is used to collect info about the device (version, config, model..) AND also to push new configs BUT we are using RADIUS authentication for managed proposes on FMG and FGT, that means from my best understanding the config push runs over RADIUS authenticated users (Events Logs on FGT) and NOT via local credential „123test“ anymore.

 

If this is true, the local credentials used during the discovery process should NOT be necessary anymore, right? or FortiManager still needs this local credentials?I am planing to change the password for this local user „123test“ and would like to clear understand the possible impacts.

 

Also, is there any config option in FortiManager that I could update the password of „123test“ used in the discovery process? FortiManager versions 6.4 and 7.0.

 

I really appreciate any inputs and since now thanks team!

tks
tks
1 Solution
srajeswaran
Staff
Staff

Fortigate credentials are only required when discovering the device for the first time or reclaiming the FGFM tunnel via debug command.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

4 REPLIES 4
srajeswaran
Staff
Staff

Fortigate credentials are only required when discovering the device for the first time or reclaiming the FGFM tunnel via debug command.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

betodejj

H Suraj,

 

thanks for the input, please do we have any documentation oder KB regarding your statement? Attached is what I have found from FMG v7.2 Self Paced Training that clear says it is used also for „install configuration“ but which cases? 

 

FMG discovery.png

tks
tks
srajeswaran

My input was based on an internal document, let me check if there is a public version of the same and share it.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

betodejj

Hi Suraj,

I have found the info from your statement some slides later as attached here.

Yeah, the credentials are used during the „add process“ and then the Serial Number is used to establish and authenticate the FGFM tunnel.

Tks for the colab!Serial based authentication FGFM.png

 

tks
tks
Top Kudoed Authors