Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tutek
Contributor

Created on ‎12-13-2022 05:20 AM

Trusted hosts question

Hi,

if I have three administrators on fortigate but only the third have trusted hosts configured, then when I enable wan management, how fortigate behaves?:

-admin 1 and admin 2 can login from any source IP,

-or connection is only allowed for admin 3 and only from source ip that is configured on trusted hosts?

 

thanks for explanation.

 

Labels:
684
0 Kudos
1 REPLY 1
pminarik
Staff
Staff

Created on ‎12-13-2022 05:26 AM Edited on ‎12-13-2022 05:29 AM

  1. TCP connection is allowed, and login screen is displayed, to every IP that matches at least a single admin's trusthost configuration (if one admin has no trusthost setting, then ALL source-IPs are permitted)
  2. Once the unknown user attempts to log in, the login request will be permitted or denied based on the username provided and trusthost evaluation for the matching admin account.

 

In your case:
- login screen will be reachable to everyone

- admin1 + admin2 can log in from anywhere

- admin3 will be blocked from logging in unless coming from their trusthost IPs

 

----------

Lastly, note that you can override trushosts with local-in policy. If a local-in policy says "DENY" for a given source-IP, the traffic will be blocked, regardless of any trusthost configuration.

[ corrections always welcome ]
682
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.