How to restrict use of local admin, when remote-server is running ... on FM & FAZ

This will be my first post in this forum!


and I am already running this on my FortiGates, I need to do the same RBAC on FM & FAZ.

However, I'm unable to find a similar command in FM/FAZ.


How can this be done?


There is currently no equivalent setting on FortiManager/FortiAnalyzer, to prefer remote users over local users.

You can apply stringent trusted-host settings to the local admin accounts to limit where they can log in from, but a local admin will always be able to log in, even when LDAP/RADIUS/TACACS+ servers are reachable.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
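
An added example (not from the thread or from Fortinet): a Python check that lists the local admin accounts in a configuration backup that still accept logins from any source address, which is the gap the trusted-host advice above is meant to close. The sample config is constructed, and the `config system admin user` layout, the `trusthostN` and `user_type` keys, and the rule that an account with no `trusthost` line allows any source are assumptions about the FortiManager/FortiAnalyzer CLI format.

```python
import ipaddress

# Constructed sample in the assumed FortiManager/FortiAnalyzer CLI layout.
SAMPLE_CONF = """\
config system admin user
    edit "admin"
        set profileid "Super_User"
    next
    edit "breakglass"
        set trusthost1 10.20.30.0 255.255.255.0
    next
    edit "ops-ldap"
        set user_type ldap
    next
    edit "legacy"
        set trusthost1 0.0.0.0 0.0.0.0
        set trusthost2 10.0.0.5 255.255.255.255
    next
end
"""

def parse_admin_users(conf):
    """Return {username: {setting: value}} from 'config system admin user'."""
    users, current, depth = {}, None, 0
    for line in (raw.strip() for raw in conf.splitlines()):
        if depth == 0:
            depth = int(line == "config system admin user")
        elif line.startswith("config "):
            depth += 1  # nested sub-table inside a user entry; its lines are skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip('" ')
            users[current] = {}
        elif depth == 1 and current and line.startswith("set "):
            _, key, *val = line.split(None, 2)
            users[current][key] = val[0] if val else ""
    return users

def unrestricted_local_admins(conf):
    """Local admins reachable from any source (assumes no trusthost line = any)."""
    flagged = []
    for name, cfg in parse_admin_users(conf).items():
        nets = [ipaddress.ip_network("/".join(v.split()), strict=False)
                for k, v in cfg.items() if k.startswith("trusthost")]
        local = cfg.get("user_type", "local").strip('"') == "local"
        if local and (not nets or any(n.prefixlen == 0 for n in nets)):
            flagged.append(name)
    return flagged
```

A single `0.0.0.0 0.0.0.0` entry is enough to flag an account, since it makes the other trusted-host entries on that account irrelevant.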

Thanks for the reply!
I have removed the 0-0 trusted hosts, plus set a "Zero-Permission" admin-profile on the admin user.
This effectively "disables" the user.
Also, I found a tech-tip in here to completely delete the admin user, if so required, but this involved doing a backup, editing the system.conf, and restoring ... somewhat cumbersome

On the FortiGates, I simply issue: delete admin