Forti1231
New Contributor II

Wrong login behaviour Fortigate 7.4.4 and 7.4.5

Hello everyone!

I am experiencing some weird behaviour with login on a FortiGate device with OS 7.4.4 and 7.4.5.

I can successfully log in on the device with any username (but not a local username; try for example username: qwerfdsa) as long as the password is correct (the password of a local user or from a TACACS+ server).

I discovered this by mistake.

Is there anyone who also discovered this problem?

And also, is there a way to solve this problem?

funkylicious
SuperUser

Hi,

Maybe this is enabled?

config system global
    set admin-restrict-local enable
end

or, https://community.fortinet.com/t5/Support-Forum/Anyone-experiencing-GUI-Authentication-issues-on-7-4...

 

The problem was a combination of stale HTTPS administration sessions, coupled with the disabling of "Allow concurrent sessions" in System>Settings>Administration Settings.

"jack of all trades, master of none"
Forti1231

Hi,

 

I’ve checked admin-restrict-local and it is disabled.

Also, I’ve checked the other post that you sent me and the problem is still here.

I think this is a big problem for Fortinet devices with these two versions of the OS.

HarryTran
Staff

Hi @Forti1231 

Is the issue on web or console access? If it happens on web, could you try to access the device in private browser mode to see if it still persists?

Regards,

 Harry

Forti1231
New Contributor II

Yes, it is about web access and it is still present in private mode too. I didn't try the console yet.

dingjerry_FTNT

Hi @Forti1231,

I upgraded my FGT to 7.4.5 and tried to log in with "qwerfdsa" and the password of my admin accounts, but I couldn't replicate this issue.

BTW, I have local admin accounts only, no remote admin accounts.

Regards,

Jerry
Forti1231

When you have just local admin, there is no problem.

Try to configure TACACS+ with ASCII authentication; after that, the problem appears.

 

dingjerry_FTNT

Hi @Forti1231,

I have found an existing Mantis 1070560 matching your issue. This bug is for a combination of TACACS+ authentication + ASCII type.

The fix will be included in FortiOS 7.4.7 GA and 7.6.1 GA.

If possible, you may change to use the other authen-type settings.

Regards,

Jerry
HarryTran
Staff

Hi Forti1231,

It would be much appreciated if you could do a packet capture on the interface that communicates with the TACACS+ server to see how the communication looks. I wonder if the misbehavior is on the FortiGate or the server end.

Regards,

 Harry.
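
For reading the capture requested above, this added example (not part of the thread and not Fortinet code) decodes the TACACS+ header and the authentication START/REPLY bodies per RFC 8907, showing which authen_type and username the FortiGate sent and which status the server returned. The function names, shared secret, session id, port string and the two sample packets are constructed assumptions.

```python
import hashlib
import struct

AUTHEN_TYPES = {1: "ascii", 2: "pap", 3: "chap", 5: "mschap", 6: "mschapv2"}
REPLY_STATUS = {1: "PASS", 2: "FAIL", 3: "GETDATA", 4: "GETUSER", 5: "GETPASS",
                6: "RESTART", 7: "ERROR", 0x21: "FOLLOW"}

def xor_pad(header: bytes, secret: bytes, body: bytes) -> bytes:
    """RFC 8907 obfuscation: XOR with an MD5 chain over session_id, key, version, seq_no."""
    seed = header[4:8] + secret + header[0:1] + header[2:3]
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(a ^ b for a, b in zip(body, pad))

def decode(packet: bytes, secret: bytes) -> dict:
    """Decode one TACACS+ authentication packet (TCP payload copied from a capture)."""
    if len(packet) < 12 or packet[0] >> 4 != 0xC or packet[1] != 1:
        raise ValueError("not a TACACS+ authentication packet")
    seq_no, flags, session_id, length = struct.unpack("!BBII", packet[2:12])
    body = packet[12:]
    if len(body) != length:
        raise ValueError("body length does not match header")
    if not flags & 0x01:  # TAC_PLUS_UNENCRYPTED_FLAG clear: body is obfuscated
        body = xor_pad(packet[:12], secret, body)
    out = {"session_id": session_id, "seq_no": seq_no, "kind": "CONTINUE"}
    if seq_no == 1:  # START, sent by the client (here the FortiGate)
        if length < 8 or 8 + sum(body[4:8]) != length:
            raise ValueError("START lengths do not add up (wrong secret?)")
        out.update(kind="START", authen_type=AUTHEN_TYPES.get(body[2], body[2]),
                   user=body[8:8 + body[4]].decode("ascii", "replace"))
    elif seq_no % 2 == 0:  # REPLY, sent by the server
        if length < 6 or 6 + sum(struct.unpack("!HH", body[2:6])) != length:
            raise ValueError("REPLY lengths do not add up (wrong secret?)")
        out.update(kind="REPLY", status=REPLY_STATUS.get(body[0], body[0]))
    return out  # odd seq_no > 1 is a client CONTINUE; its content is left undecoded

def build(seq_no: int, body: bytes, secret: bytes, session_id: int = 0x1234ABCD) -> bytes:
    """Build a constructed sample packet that stands in for bytes from a real capture."""
    header = struct.pack("!BBBBII", 0xC0, 1, seq_no, 0, session_id, len(body))
    return header + xor_pad(header, secret, body)

SECRET = b"lab-secret"  # constructed shared secret
START = build(1, bytes([1, 1, 1, 1, 8, 5, 0, 0]) + b"qwerfdsa" + b"https", SECRET)
REPLY = build(2, struct.pack("!BBHH", 5, 1, 10, 0) + b"Password: ", SECRET)

if __name__ == "__main__":
    print(decode(START, SECRET), decode(REPLY, SECRET))
```

Comparing the `user` in START with the account the server actually holds, and the final REPLY status with whether the FortiGate granted the login, shows which side is misbehaving.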
