Fortinet 5.0 Patch 6 When an administrator account cannot log in from a specific IP, Remote authentication query failures, Resetting passwords

Fortinet 656 FortiWeb 5.0 Patch 6 Administration Guide

4. Go to Application Delivery > Authentication Policy > Authentication Policy and locate the

policy that contains the rule governing the problem user group. If the rule is not part of a

policy, there is no access.

5. Go to Policy > Web Protection Profile > Inline Protection Profile and determine which profile

contains the related authentication policy. If the policy is not part of a profile, there is no

access.

6. Make sure that inline protection profile is included in the server policy that applies to the

server the user is trying to access. If the profile is not part of the server policy, there is no

access.

Authentication involves user groups, authentication rules and policy, inline protection policy,

and finally, server policy. If a user is not in a user group used in the policy for a specific

server, the user will have no access.

When an administrator account cannot log in from a specific IP

If an administrator is entering his or her correct account name and password, but cannot log in

from some or all computers, examine that account’s trusted host definitions (see “Trusted Host

#1” on page 215). It should include all locations where that person is allowed to log in, such as

your office, but should not be too broad.

Remote authentication query failures

If your network administrators’ or other accounts reside on an external server (e.g. Active

Directory or RADIUS), first switch the account to be locally defined on the FortiWeb appliance. If

the local account fails, correct connectivity between the client and appliance (see “Connectivity

issues” on page 641). If the local account succeeds, troubleshoot connectivity between the

appliance and your authentication server. If routing exists but authentication still fails, you can

verify correct vendor-specific attributes and other protocol-specific fields by running a packet

trace (see “Packet capture” on page 633).

Resetting passwords

If someone has forgotten or lost his or her password, or if you need to change an account’s

password, the admin administrator can reset the password.

If you forget the password of the admin administrator, however, you will not be able to reset its

password through the web UI. You can either:

• reset the FortiWeb appliance to its default state (including the default administrator account

and password) by restoring the firmware. For instructions, see “Restoring firmware (“clean

install”)” on page 663.

• connect to the local console, reboot the FortiWeb appliance, and set the password (see “To

reset the admin account’s password” on page 657)

To reset an account’s password

1. Log in as the admin administrator account.

2. Go to System > User > User.

3. Click the row to select the account whose password you want to change.

4. Click Edit.

5. In the New Password and Confirm Password fields, type the new password.

6. Click OK.

The new password takes effect the next time that account logs in.