Hi Community,
I am looking for deep info about the relation between FortiManager discovery process & FortiGate local credentials after the discovery process. During the discovery process (onboarding new FGT) we use the local super user „123test“ and it works fine completing the discovery process but the question is what happens if we change the password of „123test“ on managed FGT? Is this local credential is still needed?
FMG training said, the discovery credentials (123test) is used to collect info about the device (version, config, model..) AND also to push new configs BUT we are using RADIUS authentication for managed proposes on FMG and FGT, that means from my best understanding the config push runs over RADIUS authenticated users (Events Logs on FGT) and NOT via local credential „123test“ anymore.
If this is true, the local credentials used during the discovery process should NOT be necessary anymore, right? or FortiManager still needs this local credentials?I am planing to change the password for this local user „123test“ and would like to clear understand the possible impacts.
Also, is there any config option in FortiManager that I could update the password of „123test“ used in the discovery process? FortiManager versions 6.4 and 7.0.
I really appreciate any inputs and since now thanks team!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Fortigate credentials are only required when discovering the device for the first time or reclaiming the FGFM tunnel via debug command.
Fortigate credentials are only required when discovering the device for the first time or reclaiming the FGFM tunnel via debug command.
H Suraj,
thanks for the input, please do we have any documentation oder KB regarding your statement? Attached is what I have found from FMG v7.2 Self Paced Training that clear says it is used also for „install configuration“ but which cases?
My input was based on an internal document, let me check if there is a public version of the same and share it.
Hi Suraj,
I have found the info from your statement some slides later as attached here.
Yeah, the credentials are used during the „add process“ and then the Serial Number is used to establish and authenticate the FGFM tunnel.
Tks for the colab!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.