Fortinet FortiGate Series Administration Manual page 271

System Admin
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Figure 122: Administrator account configuration - PKI authentication
Administrator Enter the login name for the administrator account.
The name of the administrator should not contain the characters <>()#"'.
Using these characters in the administrator account name can result in a cross
site scripting (XSS) vulnerability.
Type Select the type of administrator account:
Regular Select to create a Local administrator account. For more information, see
"Configuring regular (password) authentication for administrators" on
page
Remote Select to authenticate the administrator using a RADIUS, LDAP, or TACACS+
server. Server authentication for administrators must be configured first. For
more information, see
on page
PKI Select to enable certificate-based authentication for the administrator. Only
one administrator can be logged in with PKI authentication enabled. For more
information, see
on page
User Group Select the administrator user group that includes the Remote server/PKI
(peer) users as members of the User Group. The administrator user group
cannot be deleted once the group is selected for authentication.
This is available only if Type is Remote or PKI.
Wildcard Select to allow all accounts on the RADIUS, LDAP, or TACACS+ server to be
administrators.
This is available only if Type is Remote. Only one wildcard user is permitted
per VDOM.
Password Enter a password for the administrator account. For improved security, the
password should be at least 6 characters long.
This is not available if Wildcard is selected or when Type is PKI.
See the Fortinet Knowledge Center article
account passwords
and cannot log in to your FortiGate unit.
Confirm Password Type the password for the administrator account a second time to confirm that
you have typed it correctly.
This is not available if Wildcard is selected or when PKI authentication is
selected.
Trusted Host #1 Enter the trusted host IP address and netmask that administrator login is
restricted to on the FortiGate unit. You can specify up to three trusted hosts.
Trusted Host #2
These addresses all default to 0.0.0.0/0 or 0.0.0.0/0.0.0.0.
Trusted Host #3
For more information, see
272.
"Configuring remote authentication for administrators"
272.
"Configuring PKI certificate authentication for administrators"
278.
if you forget or lose an administrator account password
"Using trusted hosts" on page
Administrators
Recovering lost administrator
280.
271