Fortigate - Admin access - trusted hosts

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Note - this reports on the trusted hosts for the default user 'admin'. You can choose to copy this check and replace the username 'admin' with other user names. Setting trusted hosts for an administrator limits what computer/location an administrator can log into the FortiGate unit from. When you identify a trusted host, the FortiGate unit will only accept the administrator's login from the configured IP address of the trusted host. Any attempt to log in with the same credentials from any other IP address will be dropped.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To add a trusted host for an administrative user, use the following command:

config system admin
edit <name_str>
set {trusthost1 | trusthost2 | trusthost3 | trusthost4
| trusthost5 | trusthost6 | trusthost7 | trusthost8
| trusthost9 | trusthost10} <address_ipv4mask>
end

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17

Plugin: FortiGate

Control ID: 87627def9267c2a1b1d36a2a14f54e2afb12794a739e93451ba4429217e8f74e