Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ArifS
Contributor

Created on ‎07-24-2023 10:34 PM

Restricting access to management console in FortiAuth

I configured allow access from specific subnets under admin user configuration, but it still allows access from anywhere. Is there anything am I missing?

FortiAuthAdmin.JPG

 

Labels:
2864
0 Kudos
1 Solution
ebilcari
Staff
Staff
In response to ArifS

Created on ‎08-02-2023 07:24 AM

FAC will check the request and refuse the connection if the URL will have a different domain. In your case I suspect from the browser you typed the URL of the the proxy. You have the option to allow all or manually specify the domains you can use on the end user browser to access FAC.

access.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

2597
0 Kudos
12 REPLIES 12
ebilcari
Staff
Staff
In response to ArifS

Created on ‎07-30-2023 02:05 AM

Even from the VPN, the access should be blocked if the source IP of the VPN users is not part of the subnet you have specified in admin user. Make sure you are not using NAT on the FW policy that allows VPN users access to FAC.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
613
0 Kudos
ArifS
Contributor

Created on ‎08-02-2023 05:35 AM

i added another port with different subnet and use this subnet redirect through Fortiweb. I admin access on https. However when I tried to access through fortiweb it says that you are not allowed to access this site through host/domain. I checked the logs in Fortiweb and can't find any logs for FortiAuth server to find out what causing the issue. 

598
0 Kudos
ebilcari
Staff
Staff
In response to ArifS

Created on ‎08-02-2023 07:24 AM

FAC will check the request and refuse the connection if the URL will have a different domain. In your case I suspect from the browser you typed the URL of the the proxy. You have the option to allow all or manually specify the domains you can use on the end user browser to access FAC.

access.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
2598
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.