
NSE4 7.2 Infrastructure

Module 01.02 Intro

LAB Administrators

Eduardo Aliaga
Configure Password Policy
Choose “Admin” and then “Apply”

System > Settings:

The equivalent command in the CLI:
FG # show system password-policy
config system password-policy
set status enable
end

Show the full-configuration of the password policy:
FG # show full-configuration system password-policy
config system password-policy
set status enable
set apply-to admin-password
set minimum-length 8
set min-lower-case-letter 0
set min-upper-case-letter 0
set min-non-alphanumeric 0
set min-number 0
set min-change-characters 0
set expire-status disable
set reuse-password enable
end
Show administrator “admin”
Show the configuration of the administrator “admin” in the console
FG # show system admin
config system admin
edit "admin"
set accprofile "super_admin"
set vdom "root"
set password ENC SH2nQm+ibXC54ZbWftXIIBypIfpdG/rQB4iPWvmQ4ajdtCvkXobH4olFReTeGw=
next
end

Show the configuration of the administrator “admin” in the GUI

System > Administrators:


Show “Administrator Profiles”
Show the configuration of “administrator profiles”
FG # show system accprofile
config system accprofile
edit "prof_admin"
set secfabgrp read-write
set ftviewgrp read-write
set authgrp read-write
set sysgrp read-write
set netgrp read-write
set loggrp read-write
set fwgrp read-write
set vpngrp read-write
set utmgrp read-write
set wanoptgrp read-write
set wifi read-write
next
end

Show the configuration of “administrator profiles” in the GUI

System > Admin Profiles:


Create administrator “Gestor”
Create “gestor”

System > Administrators:

The password is consultel

Show the newly created “gestor”


System > Administrators:
Log in with “gestor”
Log out of “admin” and log in with “gestor”

Verify that “gestor” can neither view nor modify anything belonging to the administrator “admin”
System > Administrators:

Log out of “gestor”
TrustHost
Configure “gestor” so that it can only be used from the IP 1.2.3.4 (which does not exist in the lab). Note that this
setting can also be configured in the GUI
FG # sh system admin gestor
config system admin
edit "gestor"
set accprofile "prof_admin"
set vdom "root"
set password ENC SH22S2h/c56qzW9NZaU7tny7GGWLN/nrgo0KFGqcBAbjGrIx1mEFDH9FQAet1U=
next
end

FG # config system admin


FG (admin) # edit gestor
FG (gestor) # set trusthost1 1.2.3.4/32
FG (gestor) # end

Verify that it is not possible to log in with “gestor” because the source IP is not 1.2.3.4


Log “administrator gestor login failed”
Log in with “admin”

Find the log “Administrator gestor login failed”

Log & Report > System Events:

Click on the filter

Type login

Choose Message

Choose “Administrator gestor login failed”


Log “administrator gestor login failed”
Click on the log and then click Details. This confirms that it failed because the source IP is 192.168.3.7.
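
A check that could be run over the CLI output captured in this lab, added here as an example and not part of the original lab material. It parses flat config/edit/set blocks and flags a password policy with no character-class requirement or with reuse allowed, and any administrator without a trusthost entry; the rules, the function names and the sample text (the lab's output, trimmed, with password hashes omitted) are assumptions of this example.

```python
# Constructed sample: the lab's CLI output, trimmed, password hashes omitted.
SAMPLE = """\
config system password-policy
set status enable
set min-lower-case-letter 0
set min-upper-case-letter 0
set min-non-alphanumeric 0
set min-number 0
set reuse-password enable
end
config system admin
edit "admin"
set accprofile "super_admin"
next
edit "gestor"
set accprofile "prof_admin"
set trusthost1 1.2.3.4/32
next
end
"""
CLASSES = ("min-lower-case-letter", "min-upper-case-letter", "min-non-alphanumeric", "min-number")

def parse(text):
    """Flat FortiOS blocks -> {section: {entry: {key: value}}}; entry '' = no 'edit'."""
    cfg, section, entry = {}, None, ""
    for w in (line.split(None, 2) for line in text.splitlines() if line.strip()):
        if w[0] == "config":
            section = " ".join(w[1:])
            cfg.setdefault(section, {})
        elif w[0] == "edit" and section and len(w) > 1:
            entry = w[1].strip('"')
            cfg[section].setdefault(entry, {})
        elif w[0] == "set" and section and len(w) == 3:
            cfg[section].setdefault(entry, {})[w[1]] = w[2].strip('"')
        elif w[0] in ("next", "end"):
            section, entry = (None if w[0] == "end" else section), ""
    return cfg

def audit(cfg):
    """Return a list of findings; every rule here is this example's assumption."""
    pol, out = cfg.get("system password-policy", {}).get("", {}), []
    if pol.get("status") != "enable":
        out.append("password-policy: not enabled")
    if all(int(pol.get(k, 0)) == 0 for k in CLASSES):
        out.append("password-policy: no character-class requirement")
    if pol.get("reuse-password") == "enable":
        out.append("password-policy: password reuse allowed")
    admins = cfg.get("system admin", {}).items()
    return out + [f"admin {n}: no trusthost restriction"
                  for n, s in admins if not any("trusthost" in k for k in s)]
```

Calling audit(parse(SAMPLE)) reports the two policy findings and the “admin” account, while “gestor” passes because of its trusthost1 entry.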
