How to restrict use of local admin, when remote server is running ... on FM & FAZ
Hiya,
This will be my first post in this forum!
Reading https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restrict-local-admin-authentication-when-r...
and I am already running this on my FortiGates, I need to do the same RBAC on FM & FAZ.
However, I'm unable to find a similar command in FM/FAZ.
How can this be done?
- Labels: FortiAnalyzer, FortiManager
There is currently no equivalent setting on FortiManager/FortiAnalyzer to prefer remote users over local users.
You can apply stringent trusted-host settings to the local admin accounts to limit where they can log in from, but a local admin will always be able to log in, even when LDAP/RADIUS/TACACS+ servers are reachable.

Thanks for the reply!
I have removed the 0-0 trusted hosts, plus set a "Zero-Permission" admin-profile on the admin user.
This effectively "disables" the user.
Also, I found a tech-tip in here to completely delete the admin user, if so required, but this involved doing a backup, editing the system.conf, and restoring ... somewhat cumbersome.
On the FortiGates, I simply issue: delete admin
