We've been managing our FGTs with FMG for a while, and we've been trying to figure out how to restrict access to the FMG. We are using SAML SSO, so the trusted hosts option isn't available - at least, it doesn't appear that logins for SSO can be restricted to trusted hosts. I also don't see an option for implementing local-in-policy. Even though all our FGTs are controlled by these controls, our FMG isn't - anyone in our organization can attempt to log in, though we do have logins restricted to a particular group. Especially in light of the critical FMG vulnerability last year, this seems like a serious oversight if it can't be done - hence, I believe it can, but we just can't find the right area to configure.
How are you folks approaching limiting access to which hosts can log into the FMG?
Chris: I wasn't aware of this. I'll get with our team that handles that. I appreciate the info.
Toshi, FMG is 7.2.8, so I'll check this out.
Thanks all for the replies.
Ours is also 7.2.8. I verified it's there in CLI. Not sure about GUI though. I assume GUI wouldn't be there until 7.6.x or something, since even FGT started with 7.6.x for the GUI part.
Toshi
Copyright 2025 Fortinet, Inc. All Rights Reserved.