Fortinet 656 FortiWeb 5.0 Patch 6 Administration Guide
4. Go to Application Delivery > Authentication Policy > Authentication Policy and locate the
policy that contains the rule governing the problem user group. If the rule is not part of a
policy, there is no access.
5. Go to Policy > Web Protection Profile > Inline Protection Profile and determine which profile
contains the related authentication policy. If the policy is not part of a profile, there is no
access.
6. Make sure that inline protection profile is included in the server policy that applies to the
server the user is trying to access. If the profile is not part of the server policy, there is no
access.
Authentication involves user groups, authentication rules and policy, inline protection policy,
and finally, server policy. If a user is not in a user group used in the policy for a specific
server, the user will have no access.
When an administrator account cannot log in from a specific IP
If an administrator is entering his or her correct account name and password, but cannot log in
from some or all computers, examine that account’s trusted host definitions (see “Trusted Host
#1” on page 215). It should include all locations where that person is allowed to log in, such as
your office, but should not be too broad.
Remote authentication query failures
If your network administrators’ or other accounts reside on an external server (e.g. Active
Directory or RADIUS), first switch the account to be locally defined on the FortiWeb appliance. If
the local account fails, correct connectivity between the client and appliance (see “Connectivity
issues” on page 641). If the local account succeeds, troubleshoot connectivity between the
appliance and your authentication server. If routing exists but authentication still fails, you can
verify correct vendor-specific attributes and other protocol-specific fields by running a packet
trace (see “Packet capture” on page 633).
Resetting passwords
If someone has forgotten or lost his or her password, or if you need to change an account’s
password, the admin administrator can reset the password.
If you forget the password of the admin administrator, however, you will not be able to reset its
password through the web UI. You can either:
reset the FortiWeb appliance to its default state (including the default administrator account
and password) by restoring the firmware. For instructions, see “Restoring firmware (“clean
install”)” on page 663.
connect to the local console, reboot the FortiWeb appliance, and set the password (see “To
reset the admin account’s password” on page 657)
To reset an account’s password
1. Log in as the admin administrator account.
2. Go to System > User > User.
3. Click the row to select the account whose password you want to change.
4. Click Edit.
5. In the New Password and Confirm Password fields, type the new password.
6. Click OK.
The new password takes effect the next time that account logs in.