Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

Trusted hosts question


if I have three administrators on fortigate but only the third have trusted hosts configured, then when I enable wan management, how fortigate behaves?:

-admin 1 and admin 2 can login from any source IP,

-or connection is only allowed for admin 3 and only from source ip that is configured on trusted hosts?


thanks for explanation.



  1. TCP connection is allowed, and login screen is displayed, to every IP that matches at least a single admin's trusthost configuration (if one admin has no trusthost setting, then ALL source-IPs are permitted)
  2. Once the unknown user attempts to log in, the login request will be permitted or denied based on the username provided and trusthost evaluation for the matching admin account.


In your case:
- login screen will be reachable to everyone

- admin1 + admin2 can log in from anywhere

- admin3 will be blocked from logging in unless coming from their trusthost IPs



Lastly, note that you can override trushosts with local-in policy. If a local-in policy says "DENY" for a given source-IP, the traffic will be blocked, regardless of any trusthost configuration.

[ corrections always welcome ]

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors