Hi,
On Fortigate FortiOS 6.4, this is I'd like to do:
Limit an admin login to a single session, so if another login happened with the same admin user from another system (another PC), the current session goes off.
Is that possible?
Regards,
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Yes, it is doable.
see how to here: https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-set-a-maximum-number-of-logged-in/...
If you limit number of admin sessions to 1, then next admin after authentication will be asked what to do with the currently logged in admin, including option to disconnect him and go with the session.
Opposite of this would be to limit admin to just 1 sessions, but to DENY any other admin sessions without option to disconnect the current one:
FortiGate-VM64 # config sys global
FortiGate-VM64 (global) # set admin-concurrent
enable Enable admin concurrent login.
disable Disable admin concurrent login.
FortiGate-VM64 (global) # set admin-concurrent disable
FortiGate-VM64 (global) # end
Then any additional admin log in will be prevented with the error of wrong username/password, until the current admin session ends:
The client has disconnected from the server. Reason:
Unable to authenticate using any of the configured authentication methods.
HTH
Yuri
Thanks but I see problems:
-Firstly, we are two admins say Jack and Jill and we work simultaneously so many times so there is a need to be two concurrent admin sessions, but, we need to limit Jack's sessions to 1 so if any other session with the same username is getting connected from another device, the current one will be disconnected and you'll find out there is some malicious activity. I like these behaviours and settings to be controlled per admin username not per any admin defined.
- In option provided in the link, you should SSH to the device and disconnect the current session. No option to do this just at the GUI and go on with the login?
Sorry to up this discussion but as I want to wrap it up, and as I asked: Are these settings applicable in a per-admin-user mode (For instance, limiting Jack to two sessions but Jimmy to just one) and the other elaboration and conditions I explained?
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1707 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.