Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Forti1231
New Contributor II

Created on ‎11-06-2024 08:58 AM

Wrong login behaviour Fortigate 7.4.4 and 7.4.5

Hello everyone!

I am experiencing some weird behaviour with login on Fortigate device with os 7.4.4 and 7.4.5.

I can successfully login on the device with whatever username (but no one local username, try for example username: qwerfdsa) as long as the password is correct (the password of a local user or from a tacacs+ server).

I discovered this by mistake

There is anyone who also discovered this problem?

And also, there is a way to solve this problem?

Labels:
1394
0 Kudos
8 REPLIES 8
funkylicious
SuperUser
SuperUser

Created on ‎11-06-2024 09:52 AM

Hi,

Maybe this is enabled?

 

config system global
set admin-restrict-local enable
end

 

or , https://community.fortinet.com/t5/Support-Forum/Anyone-experiencing-GUI-Authentication-issues-on-7-4...

 

The problem was a combination of stale HTTPS administration sessions, coupled with the disabling of "Allow concurrent sessions" in System>Settings>Administration Settings.

 

"jack of all trades, master of none"
"jack of all trades, master of none"
1372
0 Kudos
Forti1231
New Contributor II
In response to funkylicious

Created on ‎11-06-2024 10:12 PM

Hi,

 

I’ve checked the admin-restrict-local and it is disable.

Also I’ve checked the other post that you’ve sent me and the problem is still here.

I think this is a big problem for Fortinet devices with this to version of OS 

1305
0 Kudos
HarryTran
Staff
Staff

Created on ‎11-06-2024 02:44 PM

Hi @Forti1231 

Is the issue on Web or console access ? If it happens on web, shall you try to access the device by private browser mode if it still persist?

Regards,

 Harry

1333
0 Kudos
Forti1231
New Contributor II
In response to HarryTran

Created on ‎11-06-2024 09:53 PM

Yes, is about web access and is still present on private too. I didn't try in console yet

1310
0 Kudos
dingjerry_FTNT
Staff
Staff

Created on ‎11-10-2024 08:46 PM

Hi @Forti1231 ,

 

I upgraded my FGT to 7.4.5, tried to login with "qwerfdsa" and password of my admin accounts, I couldn't replicate this issue.

 

BTW, I have local admin accounts only, no remote admin accounts.

Regards,

Jerry
1195
Forti1231
New Contributor II
In response to dingjerry_FTNT

Created on ‎11-11-2024 08:27 AM

When you have just local admin, there is no problem. 

Try to configure Tacacs+ with ascii authentication and after that, the problem appears.

 

1169
dingjerry_FTNT
Staff
Staff
In response to Forti1231

Created on ‎11-12-2024 10:51 AM

Hi @Forti1231 ,

 

I have found an existing Mantis 1070560 matching your issue.  This bug is for a combination of TACACS+ authentication + ASCII type.

 

The fix will be included in FortiOS 7.4.7 GA and 7.6.1 GA.

 

If possible, you may change to use the other authen-type settings.

Regards,

Jerry
1132
HarryTran
Staff
Staff

Created on ‎11-12-2024 10:24 AM

Hi Forti1231,
Much appreciate if you would do packets capture on the interface that communicates with the Tacacs+ server to see how the communication is? I wonder if the mis-behavior is on the Fortigate or the server-end.
Regards,

 Harry.

1135
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.