System Admin Administrators
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 269
http://docs.fortinet.com/ • Feedback
You can authenticate an administrator by using a password stored on the FortiGate unit,
an LDAP, RADIUS, or TACACS+ server, or by using PKI certificate-based authentication.
To authenticate an administrator with an LDAP or TACACS+ server, you must add the
server to an authentication list, include the server in a user group, and associate the
administrator with the user group. The RADIUS server authenticates users and authorizes
access to internal network resources based on the admin profile of the user. Users
authenticated with the PKI-based certificate are permitted access to internal network
resources based on the user group they belong to and the associated admin profile.
A VDOM/admin profile override feature supports authentication of administrators via
RADIUS. The admin user will have access depending on which VDOM and associated
admin profile he or she is restricted to. This feature is available only to wildcard
administrators, and can be set only through the FortiGate CLI. There can only be one
VDOM override user per system. For more information, see the FortiGate CLI Reference.
Viewing the administrators list
You need to use the default “admin” account, an account with the super_admin admin
profile, or an administrator with read-write access control to add new administrator
accounts and control their permission levels. If you log in with an administrator account
that does not have the super_admin admin profile, the administrators list will show only
the administrators for the current virtual domain.
To view the list of administrators, go to System > Admin > Administrators.
Figure 119: Administrators list
Create New          Add an administrator account.
Name                The login name for an administrator account.
Trusted Hosts       The IP address and netmask of trusted hosts from which the administrator can log in. For more information, see “Using trusted hosts” on page 280.
Profile             The admin profile for the administrator.
Type                The type of authentication for this administrator, one of:
  Local             Authentication of an account with a local password stored on the FortiGate unit.
  Remote            Authentication of a specific account on a RADIUS, LDAP, or TACACS+ server.
  Remote+Wildcard   Authentication of any account on an LDAP, RADIUS, or TACACS+ server.
  PKI               PKI-based certificate authentication of an account.
Delete
Change password
Edit
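
The Trusted Hosts, Profile and Type columns described above can also be reviewed offline from a configuration excerpt. The following Python example is added here and is not code from Fortinet or from this guide: it rebuilds the Type value for each account and lists accounts that warrant review. The sample configuration is constructed, and the keyword names (trusthostN, accprofile, remote-auth, wildcard, peer-auth) and the rule that an all-zero trusted host entry counts as unset are assumptions to confirm against the FortiGate CLI Reference.

```python
import ipaddress
import re

# Constructed sample (FortiOS CLI style); names and keyword spellings are assumed.
SAMPLE = '''
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "netops"
        set trusthost1 10.10.0.0 255.255.255.0
        set trusthost2 0.0.0.0 0.0.0.0
    next
    edit "ldap-admins"
        set remote-auth enable
        set wildcard enable
        set accprofile "super_admin"
        set trusthost1 0.0.0.0 0.0.0.0
    next
end
'''

def parse_admins(text):
    # {name: {keyword: [values]}} for every edit ... next block
    return {name: {k: v.replace('"', "").split()
                   for k, v in re.findall(r"set (\S+) (.+)", body)}
            for name, body in re.findall(r'edit "([^"]+)"(.*?)\bnext\b', text, re.S)}

def admin_type(cfg):
    # Mirror the Type column: Local, Remote, Remote+Wildcard or PKI.
    if cfg.get("peer-auth") == ["enable"]:
        return "PKI"
    if cfg.get("remote-auth") == ["enable"]:
        return "Remote+Wildcard" if cfg.get("wildcard") == ["enable"] else "Remote"
    return "Local"

def audit(text):
    # {name: (type, [restricting trusted hosts], [items to review])}
    report = {}
    for name, cfg in parse_admins(text).items():
        nets = [ipaddress.ip_network("/".join(v), strict=False)
                for k, v in cfg.items() if k.startswith("trusthost") and len(v) == 2]
        trusted = [str(n) for n in nets if n.prefixlen > 0]  # all-zero entry = unset
        kind, items = admin_type(cfg), []
        if not trusted:
            items.append("login not restricted to trusted hosts")
        if kind == "Remote+Wildcard" and cfg.get("accprofile") == ["super_admin"]:
            items.append("wildcard account holds super_admin profile")
        report[name] = (kind, trusted, items)
    return report
```

Calling audit(SAMPLE) returns one entry per administrator; an empty review list means the account is limited to at least one specific trusted host and is not a wildcard account with the super_admin profile.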