Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Is this the only way and correct way for this to work?not exactly Authentication is always again usergroups. Define your radius or tac+ server and include it within a usergroup; then associate the administrator with the user group. Done. regards
regards
/ Abel
Created on 01-29-2010 08:06 AM
I came to same conclusion John did, should I leave the password field blank?Not exactly; Authenticate FTG administrators against remote server (Radius, Tac+, etc) has different approach that standard non-administrative users. Indeed, for administrators, you have to include the password in the FTG even when it be authenticated against remote server; If you want block an administrator if the guy leaves your company, change its credentials in the TAC+ server; after that the authentication will fail for that admin. This don' t saves the extra work of entering into each FGT box to remove the administrator user, but you can prevent that him could connect to the box. regards,
regards
/ Abel
Created on 01-29-2010 08:51 AM
You can configure the FG to use the Wildcard option for TACACS. This way you do not need to provide either the Administrators username or password. The TACACS server authenticates the administrator, and then they are given the Access profile you have specified.p768 THANK YOU!!! Works like a charm! :D
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1713 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.