Remote authentication server groups – FortiAnalyzer – FortiOS 6.2.3

Remote authentication server groups

Remote authentication server groups can be used to extend wildcard administrator access. Normally, a wildcard administrator can only be created for a single server. If multiple servers of different types are grouped, a wildcard administrator can be applied to all of the servers in the group.

Multiple servers of the same type can be grouped to act as backups – if one server fails, the administrator can still be authenticated by another server in the group.

To use a server group to authenticate administrators, you must configure the group before configuring the administrator accounts that will use it.

Remote authentication server groups can only be managed using the CLI. For more information, see the FortiAnalyzer CLI Reference.

To create a new remote authentication server group:

  1. Open the admin group command shell:

config system admin group

  1. Create a new group, or edit an already create group: edit <group name>
  2. Add remote authentication servers to the group:

set member <server name> <server name> …

  1. Apply your changes: end

To edit the servers in a group:

  1. Enter the following CLI commands:

config system admin group edit <group name> set member <server name> <server name> …

end

Only the servers listed in the command will be in the group.

To remove all the servers from the group:

  1. Enter the following CLI commands:

config system admin group edit <group name> unset member

end

All of the servers in the group will be removed.

To delete a group:

  1. Enter the following CLI commands:

config system admin group delete <group name>

end

This entry was posted in Administration Guides, FortiAnalyzer, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.