Other security consideration for restricting access to the FortiAnalyzer GUI include the following:
- Configure administrator accounts using a complex passphrase for local accounts
- Configure administrator accounts using RADIUS, LDAP, TACACS+, or PKI
- Configure the administrator profile to only allow read/write permission as required and restrict access using read-only or no permission to settings which are not applicable to that administrator
- Configure the administrator account to only allow access to specific ADOMs as required
When setting up FortiAnalyzer for the first time or after a factory reset, the password cannot be left blank. You are required to set a password when the admin user tries to log in to FortiManager from GUI or CLI for the first time. This is applicable to a hardware device as well as a VM. This is to ensure that administrators do not forget to set a password when setting up FortiAnalyzer for the first time.
After the initial setup, you can set a blank password from System Settings > Administrators.