Fortinet 5.0 Patch 6 Maximum concurrent administrator sessions, Global web UI & CLI settings

Fortinet 51 FortiWeb 5.0 Patch 6 Administration Guide

As their name implies, trusted hosts are assumed to be (to a reasonable degree) safe sources of

administrative login attempts.

Configuring the trusted hosts of your administrator accounts (Trusted Host #1, Trusted Host #2,

and Trus ted Hos t #3 ) hardens the security of your FortiWeb appliance by further restricting

administrative access. In addition to knowing the password, an administrator must connect only

from the computer or subnets you specify. The FortiWeb appliance will not allow logins for that

account from any other IP addresses. If all administrator accounts are configured with specific

trusted hosts, FortiWeb will ignore login attempts from all other computers. This eliminates the

risk that FortiWeb could be compromised by a brute force login attack from an untrusted

source.

Trusted host definitions apply both to the web UI and to the CLI when accessed through Telnet,

SSH, or the CLI Console widget. Local console access is not affected by trusted hosts, as the

local console is by definition not remote, and does not occur through the network.

Relatedly, you can white-list trusted end-user IP addresses. End users do not log in to the

web UI, but their connections to protected web servers are normally subject to protective scans

by FortiWeb unless the clients are trusted. See “Blacklisting & whitelisting clients individually by

source IP” on page 335.