System Admin
Administrators
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
You can authenticate an administrator by using a password stored on the FortiGate unit,
an LDAP, RADIUS, or server, or by using PKI certificate-based authentication.
To authenticate an administrator with an LDAP or server, you must add the
server to an authentication list, include the server in a user group, and associate the
administrator with the user group. The RADIUS server authenticates users and authorizes
access to internal network resources based on the admin profile of the user. Users
authenticated with the PKI-based certificate are permitted access to internal network
resources based on the user group they belong to and the associated admin profile.
A VDOM/admin profile override feature supports authentication of administrators via
RADIUS. The admin user will have access depending on which VDOM and associated
admin profile he or she is restricted to. This feature is available only to wildcard
administrators, and can be set only through the FortiGate CLI. There can only be one
VDOM override user per system. For more information, see the
Viewing the administrators list
You need to use the default “admin” account, an account with the super_admin admin
profile, or an administrator with read-write access control to add new administrator
accounts and control their permission levels. If you log in with an administrator account
that does not have the super_admin admin profile, the administrators list will show only
the administrators for the current virtual domain.
To view the list of administrators, go to System > Admin > Administrators.
Figure 106: Administrators list
Create New: Add an administrator account.
Name: The login name for an administrator account.
Trusted Hosts: The IP address and netmask of trusted hosts from which the administrator can log in. For more information, see “Using trusted hosts” on page 221.
Profile: The admin profile for the administrator.
Type: The type of authentication for this administrator, one of:
    Local: Authentication of an account with a local password stored on the FortiGate unit.
    Remote: Authentication of a specific account on a RADIUS, LDAP, or server.
    Wildcard: Authentication of any account on an LDAP, RADIUS, or server.
    PKI: PKI-based certificate authentication of an account.
Delete
Change password
Edit
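The following Python check is an added example, not part of the FortiGate guide: it reviews rows of the administrators list (Name, Trusted Hosts, Profile, Type) for combinations worth a second look, such as a Wildcard account mapped to super_admin. The row format, the profile names other than super_admin, the sample data, the /24 review threshold, and the treatment of an empty or 0.0.0.0/0.0.0.0 trusted host as "any address" are assumptions made for the example.

```python
import ipaddress

# Constructed sample rows mirroring the list columns: Name, Trusted Hosts, Profile, Type.
SAMPLE_ADMINS = [
    {"name": "admin", "trusted_hosts": ["0.0.0.0 0.0.0.0"],
     "profile": "super_admin", "type": "Local"},
    {"name": "noc-ops", "trusted_hosts": ["192.0.2.0 255.255.255.0"],
     "profile": "noc_ro", "type": "Remote"},
    {"name": "radius-any", "trusted_hosts": ["0.0.0.0 0.0.0.0"],
     "profile": "super_admin", "type": "Wildcard"},
    {"name": "auditor", "trusted_hosts": ["198.51.100.7 255.255.255.255", "10.0.0.0 255.0.0.0"],
     "profile": "audit_ro", "type": "PKI"},
]

VALID_TYPES = {"Local", "Remote", "Wildcard", "PKI"}  # the four types in the list
MAX_ADDRESSES = 256  # assumed review threshold: ranges wider than a /24 are flagged


def parse_trusted_host(entry):
    """Turn an 'IP NETMASK' pair into an ip_network (host bits are tolerated)."""
    ip, mask = entry.split()
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def audit_admin(row):
    """Return a list of finding labels for one administrator row."""
    findings = []
    if row["type"] not in VALID_TYPES:
        findings.append("unknown-type")
    nets = [parse_trusted_host(e) for e in row["trusted_hosts"]]
    # Assumption: no entry, or 0.0.0.0/0.0.0.0, places no restriction on the source address.
    if not nets or any(n.prefixlen == 0 for n in nets):
        findings.append("login-from-any-address")
    elif any(n.num_addresses > MAX_ADDRESSES for n in nets):
        findings.append("broad-trusted-range")
    # Wildcard accepts any account on the remote server, so the profile applies to all of them.
    if row["type"] == "Wildcard" and row["profile"] == "super_admin":
        findings.append("wildcard-super-admin")
    return findings


def audit(rows):
    """Map administrator name to findings, omitting rows with none."""
    results = {row["name"]: audit_admin(row) for row in rows}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_ADMINS).items():
        print(f"{name}: {', '.join(found)}")
```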