FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
jstan
Staff
Staff
Article Id 189674
Description
This article describes the meaning of the untrusted host/domain name error and how to resolve it.

Solution
1) By default, FortiAuthenticator only allows web GUI access using the IP address that is assigned to the FortiAuthenticator interfaces.
2) If the FortiAuthenticator is accessed via public IP or via port forwarding through a firewall (eg. Fortigate), notice the error as shown below.





3) To resolve the issue, it is necessary  to configure the following in FortiAuthenticator CLI through SSH/console:
# config system global
    set allowed-hosts 10.47.1.59
end
4) After configuring the above, the access to FortiAuthenticator will now be allowed.




5) If the FortiAuthenticator is accessed through domain name which is not configured as a FQDN under FortiAuthenticator, it is also necessary to configure the domain name under CLI to allow web access via domain name:
# config system global
    set allowed-hosts fac.ftnt.local
end



Contributors