Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aaltameemi
New Contributor

Created on ‎02-01-2024 08:38 PM Edited on ‎02-01-2024 08:39 PM

admin-restrict-local on fortigate

Greetings,

 

I enabled admin-restrict-local on FortiGate and tested it which is working as expected. now I need a way to keep it enabled which only accessable when TACACS is down but in the same time allow specific sources to access local admin account even if TACACS is up. is this possible?

 

I don`t want to use trusted hosts becasue I am using local-in-policy instead.

Labels:
776
0 Kudos
3 REPLIES 3
ndumaj
Staff
Staff

Created on ‎02-02-2024 01:02 AM

Hello,

admin-restrict-local can be enabled under "config system global" so you can play with the admin account.

Guide:
https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/766272/remote-authentication...
BR

- Happy to help, hit like and accept the solution -
750
ndumaj
Staff
Staff
In response to ndumaj

Created on ‎02-02-2024 01:04 AM

Additionally this article might help as well:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-TACACS-authentication-and...

BR

- Happy to help, hit like and accept the solution -
748
aaltameemi
New Contributor

Created on ‎02-02-2024 08:35 AM

Hi ndumaj,

 

Thanks for your reply, I have these document but it is not a solution in my scenario.

727
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.