Problem
Administrators cannot log in to the web UI or the CLI.
Solution
Use correct admin name and password combination
This may be obvious, but it should be the first thing to check.
Administrative access is not enabled on the interface
Each FortiMail interface has a set of administrator access protocols — HTTP, HTTPS, SSH, TELNET, PING, and SNMP. These are the methods an administrator can use to connect to FortiMail; any or all can be disabled on any interface.
For security purposes, you should only enable access that is required. If you open access for troubleshooting, remember to disable it afterwards. Failure to do so will leave a gap in your security that hackers might exploit.
To enable administrator access on the dmz interface
1. Log on as administrator.
2. Go to System > Network > Interface.
3. Select the interface and click Edit.
4. Under Access, select the protocols you want to use to access the interface.
5. Click OK.
6. Repeat for each interface where administrative access is required.
Trusted hosts for admin account will not allow current IP
A trusted host is a secure location from which an administrator logs in. For example, on a secure network an administrator can log in from an internal subnet but not from the Internet.
If an external administrator login is required, a secure VPN tunnel can be established with a set IP address or range of addresses that are entered as a trusted host address.
Trusted host login issues occur when an administrator attempts to log in from an IP address that is not included in the trusted host list.
To verify trusted host login issues
1. Record the IP address where the administrator is attempting to log in to the FortiMail unit.
2. Log in to the web UI and go to System > Administrator > Administrator.
3. Select the administrator account in question and click the Edit icon.
4. Compare the list of trusted hosts to the problem IP address. If there is a match, the problem is not due to trusted hosts.
5. If there is no match and the new address is valid (secure), add it to the list of trusted hosts.
6. Select OK.
If the problem was due to trusted hosts, the administrator can now log in.
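The comparison in step 4 can be scripted when the trusted host list is long. The following is an added example, not Fortinet code: it assumes trusted host entries are written as a single IP, CIDR, or IP/dotted-netmask, and the function names and sample addresses (documentation ranges) are constructed for illustration. It also reports entries with a zero-length prefix, since such an entry matches every address of that family.

```python
import ipaddress

def parse_entry(entry):
    """Parse one trusted-host entry (assumed forms: IP, CIDR, IP/netmask)."""
    # strict=False tolerates host bits in the address part, e.g. 192.0.2.9/24
    return ipaddress.ip_network(entry.strip(), strict=False)

def check_trusted_hosts(source_ip, entries):
    """Return (matches, catch_all, invalid) for an administrator's source IP.

    matches   - entries that contain source_ip (login would be allowed)
    catch_all - entries with prefix length 0 (match any address; review these)
    invalid   - entries that could not be parsed as an address or network
    """
    addr = ipaddress.ip_address(source_ip)
    matches, catch_all, invalid = [], [], []
    for entry in entries:
        try:
            net = parse_entry(entry)
        except ValueError:
            invalid.append(entry)
            continue
        if net.prefixlen == 0:
            catch_all.append(entry)
        # An IPv4 source never matches an IPv6 entry, and vice versa.
        if net.version == addr.version and addr in net:
            matches.append(entry)
    return matches, catch_all, invalid

# Constructed sample list, as it might be copied from the account's Edit dialog.
SAMPLE_TRUSTED_HOSTS = [
    "192.0.2.0/24",
    "198.51.100.7",
    "203.0.113.0/255.255.255.0",
    "mgmt-lan",  # deliberately malformed entry
]

if __name__ == "__main__":
    for ip in ("203.0.113.45", "198.51.100.8"):
        matches, catch_all, invalid = check_trusted_hosts(ip, SAMPLE_TRUSTED_HOSTS)
        verdict = "covered by " + ", ".join(matches) if matches else "NOT in any trusted host"
        print(f"{ip}: {verdict}")
        if catch_all:
            print("  review catch-all entries:", catch_all)
        if invalid:
            print("  unparseable entries:", invalid)
```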