tkanneganti
Staff
Article Id 241399
Description This article describes how to avoid issues where admin users have read-write access even though only read-only access was configured.
Scope FortiSwitch 7.x.
Solution

In some scenarios, an admin user with remote-auth enabled and read-only access configured ends up with both read and write access. This happens when the wildcard option is enabled on more than one admin profile.


To learn how to configure remote-auth, refer to pages 52 and 77 of the following document: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/d887c3dd-ee67-11ec-bb32-fa163e....


With remote-auth, admin users log in to the FortiSwitch and are matched against the configured system admin entries. Currently, only a single administrator with the wildcard option is supported at a time. If wildcard is enabled on two or more system admins, for example one with the super_admin profile and another with the prof_viewer profile, the remote user is identified as the 'super_admin' system admin, so the read-only user has read and write access after logging in.


To ensure admins have the correct access, it is recommended to enable the wildcard option only on one super admin profile.
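As an added example (not part of this article or of Fortinet's tooling), the script below audits a FortiSwitch `config system admin` export for the condition described above: more than one remote-auth admin with `set wildcard enable`, or a wildcard admin that is not on the super_admin profile. The sample configuration is constructed for the example; the `remote-auth`, `wildcard`, `super_admin` and `prof_viewer` names come from the article, while the usernames and the `accprofile` field name are assumptions about the export format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of a FortiSwitch "config system admin" export (not taken from
# the article). Two remote-auth admins both have "set wildcard enable", which is
# the condition the article describes: the prof_viewer user is then verified as
# the super_admin system admin and gets read-write access. Usernames and the
# "accprofile" field name are assumptions for this example.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "netops_rw"
        set remote-auth enable
        set accprofile "super_admin"
        set wildcard enable
    next
    edit "helpdesk_ro"
        set remote-auth enable
        set accprofile "prof_viewer"
        set wildcard enable
    next
end
"""


@dataclass
class AdminEntry:
    name: str
    settings: dict = field(default_factory=dict)


def parse_admins(config_text):
    """Return the AdminEntry objects found inside the 'config system admin' block."""
    admins, current, in_block = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system admin":
            in_block = True
            continue
        if not in_block:
            continue
        if line == "end":
            break
        m = re.fullmatch(r'edit\s+"?([^"]+)"?', line)
        if m:
            current = AdminEntry(name=m.group(1))
            continue
        if line == "next" and current is not None:
            admins.append(current)
            current = None
            continue
        m = re.fullmatch(r'set\s+(\S+)\s+(.+)', line)
        if m and current is not None:
            current.settings[m.group(1)] = m.group(2).strip('"')
    return admins


def wildcard_admins(admins):
    """Admins that use remote authentication with the wildcard option enabled."""
    return [a for a in admins
            if a.settings.get("remote-auth") == "enable"
            and a.settings.get("wildcard") == "enable"]


def check_wildcard_policy(config_text):
    """Return (ok, findings). Flags more than one wildcard admin, and any wildcard
    admin whose profile is not super_admin (the article's recommendation)."""
    wc = wildcard_admins(parse_admins(config_text))
    findings = []
    if len(wc) > 1:
        names = ", ".join(a.name for a in wc)
        findings.append(f"{len(wc)} admins have wildcard enabled ({names}); "
                        "only one wildcard administrator is supported")
    for a in wc:
        profile = a.settings.get("accprofile")
        if profile != "super_admin":
            findings.append(f"wildcard admin '{a.name}' uses profile '{profile}'; "
                            "enable wildcard only on one super_admin profile")
    return (not findings, findings)


def remediation_commands(config_text):
    """CLI lines that disable wildcard on every remote-auth admin that is not
    super_admin. If several super_admin entries use wildcard, which one keeps it
    is a manual decision, so those are left untouched here."""
    offenders = [a for a in wildcard_admins(parse_admins(config_text))
                 if a.settings.get("accprofile") != "super_admin"]
    if not offenders:
        return []
    lines = ["config system admin"]
    for a in offenders:
        lines += [f'    edit "{a.name}"', "        set wildcard disable", "    next"]
    lines.append("end")
    return lines


if __name__ == "__main__":
    ok, findings = check_wildcard_policy(SAMPLE_CONFIG)
    print("OK" if ok else "FINDINGS:\n  " + "\n  ".join(findings))
    print("\n".join(remediation_commands(SAMPLE_CONFIG)))
```

Run against a saved configuration export instead of the embedded sample to get the list of findings and the CLI lines that leave a single super_admin wildcard entry; the read-only admin keeps remote-auth and its prof_viewer profile and is matched explicitly rather than through the wildcard.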