Preventing unwanted login attempts
Setting trusted hosts for an administrator limits what computers an administrator can log in from, causing the FortiGate unit to only accept the administrator’s login from the configured IP address. Any attempt to log in with the same credentials from any other IP address will be dropped.
Trusted hosts are configured when adding a new administrator by going to System > Admin > Administrators in the web-based manager or config system admin in the CLI.
To ensure the administrator has access from different locations, you can enter up to ten IP addresses, though ideally this should be kept to a minimum. For higher security, use an IP address with a net mask of 255.255.255.255, and enter an IP address (non-zero) in each of the three default trusted host fields. Also ensure all entries contain actual IP addresses, not the default 0.0.0.0.
The trusted hosts apply to the web-based manager, ping, SNMP, and the CLI when accessed through Telnet or SSH. CLI access through the console port is not affected.
See Also
• Passwords
• Change the admin username