Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
shin_amuro
New Contributor

Created on ‎02-02-2018 02:50 AM

Login failed from 127.0.0.1

Hi,

 

I am getting the following log every around 15 minutes on my 50E.

 

Administrator admin login failed from http(127.0.0.1) because of invalid password

 

Any has any idea on what is this could be?

 

Thanks

Labels:
49946
1 Solution
Wayne11
Contributor

Created on ‎02-03-2018 05:11 AM

I bet you use FortiAnalyzer. Check the login credentials you have configured on both sides, on the FAZ and the FG.

View solution in original post

28550
12 REPLIES 12
boneyard
Valued Contributor
In response to Prab

Created on ‎05-31-2019 12:35 AM

Got the same error now, using FortiManager but first asking support about it.

 

from what i remember from the past is that FortiManager doesn't need the admin account except when first setting up the connection. afterwards a SSL/TLS tunnel with certificate authentication is used, or did this change?

5086
0 Kudos
plz
New Contributor
In response to Wayne11

Created on ‎09-17-2018 10:57 AM

Update!!! after i disable fortitelemetry this alert still apear. I am getting the following log every around 30 minutes.

5085
0 Kudos
obasyouni
New Contributor

Created on ‎10-30-2020 02:17 PM

https://kb.fortinet.com/kb/documentLink.do?externalID=FD47698 Description This article explains why under some circumstances, FortiGate can show successful (or failed) logins from 127.0.0.1 when logging to a FortiAnalyzer. Solution When FortiGates are configured to log to FortiAnalyzer, under some circumstances there can be logs regarding admin logins (or failed attempts) from 127.0.0.1. FortiAnalyzer not only shows information based on FortiGate logs, but can retrieve additional information from the FortiGate directly. This is done by FortiAnalyzer triggering a login from the miglogd daemon running on FortiGate and then querying the FortiGate API. Due to FortiAnalyzer communicating with the miglogd daemon in FortiGate and triggering the login from there, FortiGate can report an admin login from 127.0.0.1 (as the login comes from a local daemon). If FortiAnalyzer does not have correct credentials for FortiGate, then the login can fail and a log message regarding a failed login from 127.0.0.1 will be generated. Note: Login credentials to be used by FortiAnalyzer can be set from the GUI under Device Manager , select 'FortiGate' and then ‘Edit’.
5085
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.