Chapter 2 – Getting Started

Adding a local administrator

Only administrators whose access profile grants Read/Write permission for Administrator Users can create a new administrator account.

1. Go to System > Administrators.

2. Select Create New.

3. Add a Name for the administrator.

The name of the administrator must not contain the characters <>()#"'. Using these characters in the administrator account name can result in a cross-site scripting (XSS) vulnerability.

4. Set Type to Local User.

5. Enter the password for the user. This may be a temporary password that the administrator can change later.

Passwords can be up to 256 characters in length. For more information on passwords, see Administrators on page 220.

6. Select OK.

To add an administrator – CLI

config system admin
    edit <admin_name>
        set password <password>
        set accprofile <profile_name>
    next
end

LDAP authentication for administrators

Administrators can use remote authentication, such as LDAP, to connect to the FortiGate. This requires three steps:

  • configure the LDAP server
  • add the LDAP server to a user group
  • configure the administrator account

Configure the LDAP server

First set up the LDAP server as you normally would, including the group membership attribute that the group binding will use.

To configure the LDAP server – GUI

1. Go to User & Device > LDAP Servers and select Create New.

2. Enter a Name for the server.

3. Enter the Server IP address or name.

4. Enter the Common Name Identifier and Distinguished Name.

5. Set the Bind Type to Regular and enter the User DN and Password.

6. Select OK.

To configure the LDAP server – CLI

config user ldap
    edit <ldap_server_name>
        set server <server_ip>
        set cnid cn
        set dn DC=XYZ,DC=COM
        set type regular
        set username CN=Administrator,CN=Users,DC=XYZ,DC=COM
        set password <password>
        set member-attr <group_binding>
    next
end
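The two CLI procedures in this chapter (adding a local administrator, and configuring an LDAP server with a regular bind) as one worked example: a Python script that applies the name and password rules stated above and renders the corresponding FortiOS CLI. This is an added example, not code from the guide or from Fortinet. The function names, the sample domain xyz.com, the bind account name, the server address and the passwords are constructed for illustration, and wrapping CLI values in double quotes with backslash escaping is an assumption about the CLI's string syntax.

```python
"""Render FortiOS CLI for the two procedures in this chapter.

Added example, not code from the guide or from Fortinet. Function names,
sample account names, sample domain and sample secrets are constructed.
"""

# Characters the guide forbids in an administrator name (XSS risk in the GUI).
FORBIDDEN_NAME_CHARS = frozenset('<>()#"\'')
MAX_PASSWORD_LEN = 256  # maximum password length stated in the guide


def forbidden_chars_in(name: str) -> str:
    """Return the forbidden characters present in name, sorted, as one string."""
    return "".join(sorted(FORBIDDEN_NAME_CHARS.intersection(name)))


def validate_admin_name(name: str) -> str:
    """Return name unchanged if it is acceptable as an administrator name."""
    if not name or name != name.strip():
        raise ValueError("administrator name must be non-empty with no surrounding whitespace")
    bad = forbidden_chars_in(name)
    if bad:
        raise ValueError(f"administrator name contains forbidden characters: {bad}")
    return name


def validate_password(password: str) -> str:
    """Return password unchanged if it fits the documented length limit."""
    if not password:
        raise ValueError("password must not be empty")
    if len(password) > MAX_PASSWORD_LEN:
        raise ValueError(f"password longer than {MAX_PASSWORD_LEN} characters")
    return password


def cli_quote(value: str) -> str:
    """Double-quote a CLI value. Assumption: backslash escapes '\\' and '"' in FortiOS strings."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def domain_to_base_dn(domain: str) -> str:
    """Build the LDAP base DN from a DNS domain: 'xyz.com' -> 'DC=xyz,DC=com'.

    The guide writes DC=XYZ,DC=COM; domainComponent values match case-insensitively.
    """
    labels = [label for label in domain.strip(".").split(".") if label]
    if not labels:
        raise ValueError("domain must contain at least one label")
    return ",".join(f"DC={label}" for label in labels)


def local_admin_cli(name: str, password: str, accprofile: str) -> str:
    """CLI for 'To add an administrator', with the guide's input checks applied first."""
    validate_admin_name(name)
    validate_password(password)
    return "\n".join([
        "config system admin",
        f"    edit {cli_quote(name)}",
        f"        set password {cli_quote(password)}",
        f"        set accprofile {cli_quote(accprofile)}",
        "    next",
        "end",
    ])


def ldap_server_cli(name: str, server: str, domain: str, bind_user: str,
                    bind_password: str, cnid: str = "cn",
                    member_attr: str = "memberOf") -> str:
    """CLI for 'To configure the LDAP server' using a regular (authenticated) bind.

    bind_user may be a bare account name, which is placed under CN=Users of the
    base DN as the guide's example does, or a complete DN, which is used as-is.
    """
    base_dn = domain_to_base_dn(domain)
    bind_dn = bind_user if "=" in bind_user else f"CN={bind_user},CN=Users,{base_dn}"
    return "\n".join([
        "config user ldap",
        f"    edit {cli_quote(name)}",
        f"        set server {cli_quote(server)}",
        f"        set cnid {cli_quote(cnid)}",
        f"        set dn {cli_quote(base_dn)}",
        "        set type regular",
        f"        set username {cli_quote(bind_dn)}",
        f"        set password {cli_quote(bind_password)}",
        f"        set member-attr {cli_quote(member_attr)}",
        "    next",
        "end",
    ])


if __name__ == "__main__":
    # Constructed sample values; rotate the temporary admin password after first login.
    print(local_admin_cli("netops-admin", "ChangeMe-Then-Rotate-1", "super_admin"))
    print()
    print(ldap_server_cli("ad-ldap", "10.0.0.5", "xyz.com",
                          "svc-fortigate-bind", "S3rvice-Acc0unt-Secret"))
    for bad in ("admin<script>", "web'admin", "a(b)#"):
        try:
            validate_admin_name(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

Running the script prints both CLI blocks ready to paste into a FortiGate console, then shows three names the checks reject. Two points worth carrying over to a real deployment: `set type regular` stores the bind credentials on the FortiGate, so the bind account should be a dedicated, least-privilege account that can only read users and group membership rather than the domain Administrator used as a placeholder in the guide; and the `cnid` default of `cn` matches the guide, while Active Directory deployments commonly use `sAMAccountName` so that administrators log in with their account name.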
