Good day, friends.
One question: For security reasons we have to remove all admin accounts from FortiGate.
However, the following is displayed on the dashboard:
It is observed that the admin account is associated with the IP 172.0.0.1, which is a local host.
Would deleting the admin account have any impact?
Hello @unknown1020
Kindly follow the doc link below to delete "the default 'admin' user account on a FortiGate unit".
Thanks,
Shaleni
Thanks for answering. So it doesn't generate any impact by deleting that account? In the second image, the IP 172.0.0.1 appears associated with the admin account, and from what I understand, that IP is a local host.
Actually, from some point of 6.0.x, you can delete the "admin" admin user directly without renaming it to something else. We do that all the time on virtually all FGTs we install for our customers. No particular side effect I'm aware of.
You just need to create a new admin user, then log in again with the new user name. Then you can remove the "admin".
    config sys admin
        edit "new-admin"
            set accprofile "super_admin"
            set password <whatever_the_password_is>
        next
    end
    exit

Then log in with "new-admin".

    config sys admin
        delete admin
    end
Toshi
Hi @unknown1020
In FortiGate you can rename or delete an admin account without any bad consequences whatsoever.
Here is how to do it on CLI of the FortiGate.
Before diving into the config, you may want to know a few facts about the procedure:
1) You cannot rename/delete the admin user while logged in with it.
2) You first have to create another user privileged enough (super_admin) to make changes to admin. This way FortiGate prevents you from locking yourself out of the management.
3) Just renaming the admin does NOT alter its password, so you can still log in with the existing one.
4) You can rename the user back to admin if you want to, i.e. the renaming is reversible.
5) If you delete admin, you can later create a new user named admin again.
Regards
Priyanka
First, you are currently logged in as 'admin'. Your sessions are shown in the screenshot.
As long as you are logged in, you cannot remove the account.
Create a new administrative account with profile 'super_admin', log out, log in as the new user and delete the 'admin' account.
This will have no adverse effects whatsoever.
Second, what you observe is sessions to '127.0.0.1', not '172.0.0.1'. The first is the 'localhost' address, that is, the PC you are currently logged in to. The second is indeed a private address of a LAN which is unknown to you (no wonder). So in short, this is perfectly OK.
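
A way to confirm the replacement account is in place before the default one is removed, as an added example that is not part of the original thread: it parses the `config system admin` block of a configuration backup and reports whether 'admin' still exists and which other accounts hold 'super_admin'. The sample configuration, the function names and the profile name "audit_ro" are constructed for illustration.

```python
import re

# Constructed sample backup (not from the thread); "audit_ro" is a made-up profile.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "new-admin"
        set accprofile "super_admin"
    next
    edit "auditor"
        set accprofile "audit_ro"
    next
end
"""

def parse_admins(config_text):
    """Return {admin_name: accprofile} from the 'config system admin' block."""
    admins, in_block, current, depth = {}, False, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line == "config system admin"
        elif line.startswith("config "):      # nested table inside an entry
            depth += 1
        elif line == "end":
            if depth == 0:
                break                          # end of the admin table
            depth -= 1
        elif depth == 0:
            m = re.match(r'edit "?([^"]+)"?$', line)
            if m:
                current = m.group(1)
                admins[current] = None
                continue
            m = re.match(r'set accprofile "?([^"]+)"?$', line)
            if m and current is not None:
                admins[current] = m.group(1)
    return admins

def audit_default_admin(config_text, default_name="admin"):
    """Report whether the default account remains and who else is super_admin."""
    admins = parse_admins(config_text)
    others = sorted(n for n, p in admins.items()
                    if n != default_name and p == "super_admin")
    return {"default_present": default_name in admins,
            "other_super_admins": others,
            "replacement_ready": bool(others)}

if __name__ == "__main__":
    print(audit_default_admin(SAMPLE_CONFIG))
```

If `replacement_ready` is false, deleting 'admin' would leave no super_admin account; after the deletion, `default_present` should read false on a fresh backup.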
Copyright 2024 Fortinet, Inc. All Rights Reserved.