Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aaltameemi
New Contributor

admin-restrict-local on fortigate

Greetings,

 

I enabled admin-restrict-local on FortiGate and tested it which is working as expected. now I need a way to keep it enabled which only accessable when TACACS is down but in the same time allow specific sources to access local admin account even if TACACS is up. is this possible?

 

I don`t want to use trusted hosts becasue I am using local-in-policy instead.

3 REPLIES 3
ndumaj
Staff
Staff

Hello,

admin-restrict-local can be enabled under "config system global" so you can play with the admin account.

Guide:
https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/766272/remote-authentication...
BR

- Happy to help, hit like and accept the solution -
ndumaj

Additionally this article might help as well:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-TACACS-authentication-and...

BR

- Happy to help, hit like and accept the solution -
aaltameemi
New Contributor

Hi ndumaj,

 

Thanks for your reply, I have these document but it is not a solution in my scenario.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors