Management & Analytics


Fortimanager admin account

  • 1.  Fortimanager admin account

    Posted May 12, 2020 09:01 AM
    Do we need to keep the local admin accounts on the Fortigates if we are using Fortimanager?

    ------------------------------
    Wil Sudds
    ------------------------------


  • 2.  RE: Fortimanager admin account

    Posted May 13, 2020 11:34 AM
    My opinion is to keep at least one local admin account in case you need a way to log in locally when there is no connectivity to FortiManager (for whatever reason).


  • 3.  RE: Fortimanager admin account

    Posted May 13, 2020 01:40 PM
    Thanks Jim,

    I have created two additional accounts on the local Fortigates and wanted to know if it is okay to remove the default local account.

    Thanks,


  • 4.  RE: Fortimanager admin account

    Posted May 14, 2020 05:36 AM
    You didn't say whether you were reasonably current on your FortiManager firmware. Although there is still admin user configuration for the FMG device, I believe under the covers it now uses a different method (Fortimanager_Access/fgfm_tunnel) for performing things on a unit from its perspective. The only thing I know of that may use it is the "Connect to CLI via" functionality, but you should be able to change that when connecting if you use it. Perhaps others on this list know of other things. It might be best to test with one unit, if possible, to check for impact.


  • 5.  RE: Fortimanager admin account

    Posted May 14, 2020 04:08 PM
    We manage an enterprise network with over 50 Fortigates, and some of the local accounts were removed months ago. I was just wondering if this account was needed for anything else. You are right, we use the CLI occasionally; also, we can connect to all Fortigates outside of Fortimanager with the created local user accounts. I think it is safe to say they are not needed. The reason I am asking was that we are showing some SIEM logs from the local user account on some Fortigates that keeps trying to log in to itself at 127.0.0.1. If this account was removed from these devices the error would also go away.
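
The check the thread ends on (which local account is failing logins against 127.0.0.1, and whether the replacement accounts really do log in remotely) can be run over exported event logs before an account is removed from a test unit. This is an added example, not part of any post above. The log lines are constructed, and the field names (`user`, `ui`, `srcip`, `action`, `status`) are an assumption modeled on key=value event-log output.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample lines (not taken from the thread); field names are assumed.
SAMPLE_LOGS = '''\
date=2020-05-14 time=03:10:01 type="event" user="admin" ui="https(127.0.0.1)" srcip=127.0.0.1 action="login" status="failed" msg="login failed"
date=2020-05-14 time=03:15:01 type="event" user="admin" ui="https(127.0.0.1)" action="login" status="failed"
date=2020-05-14 time=08:02:44 type="event" user="netops1" ui="ssh(10.0.0.5)" srcip=10.0.0.5 action="login" status="success"
date=2020-05-14 time=09:30:12 type="event" user="admin" ui="ssh(10.0.0.9)" srcip=10.0.0.9 action="login" status="failed"
date=2020-05-14 time=09:41:00 type="event" user="netops1" ui="ssh(10.0.0.5)" action="edit" status="success"
'''

PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # key=value or key="quoted value"

def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in PAIR.findall(line)}

def source_of(event):
    """Source address from srcip, falling back to the address inside ui="proto(addr)"."""
    src = event.get("srcip")
    if not src:
        m = re.search(r"\(([^)]+)\)", event.get("ui", ""))
        src = m.group(1) if m else None
    try:
        return ip_address(src) if src else None
    except ValueError:  # e.g. a console session with no IP address
        return None

def login_events(text, status):
    """Yield (user, source) for every login event with the given status."""
    for line in text.splitlines():
        ev = parse_line(line)
        if ev.get("action") == "login" and ev.get("status") == status:
            yield ev.get("user", "?"), source_of(ev)

def loopback_login_failures(text):
    """Count failed logins per account whose source is a loopback address."""
    return Counter(u for u, s in login_events(text, "failed") if s and s.is_loopback)

def accounts_with_remote_success(text):
    """Accounts that have at least one successful login from a non-loopback source."""
    return {u for u, s in login_events(text, "success") if s and not s.is_loopback}

if __name__ == "__main__":
    print("loopback failures:", dict(loopback_login_failures(SAMPLE_LOGS)))
    print("remote logins OK: ", sorted(accounts_with_remote_success(SAMPLE_LOGS)))
```

Running the same two functions on logs from the test unit before and after the change shows whether the loopback failures stop and whether the remaining accounts still authenticate.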