FortiMail Troubleshooting: Access Difficulty


The Troubleshooting recipes are here to assist you in diagnosing and remedying any problems you experience when using your FortiMail unit.

This recipe guides you through the process of troubleshooting access problems, such as an administrator account that can’t connect to the basic web UI or problems logging in as an administrator.


Problem #1: Inaccessible Basic UI

An administrator account can’t connect to the basic mode of the web interface or the CLI, despite being able to connect to the advanced mode of the web UI.

The Solution

Set the administrator account’s Domain to System. Domain administers, also known as tiered administrators, cannot access the CLI or the basic mode of the GUI. For more information, see FortiMail operation modes on page 23 of the Administrator Guide.

Problem #2: Log in Issues

Administrators cannot log in to the web UI or the CLI.

The Solution

First, make sure you’re using the correct admin name and password.

Each FortiMail interface has a set of administrator access protocols. These are the methods an administrator uses to connect to FortiMail. Any or all of these protocols can be disabled on any interface.

IMPORTANT: For security purposes, you should only enable access that is required. If you open access for troubleshooting, remember to disable it when you’re done. Failure to disable access may result in a security breach.

To enable administrator access on the dmz interface

  1. Log in as administrator.
  2. Go to System > Network > Interface.
  3. Select the interface and select
  4. Select the protocols you wish to use to acess the interface in the Access
  5. Select

Repeat for each interface where administrative access is required.

Problem #3: Trusted Host Issues

The trusted hosts for the admin account will not allow the current IP.

The Solution

If an external administrator login is required, a secure VPN tunnel can be established with a set IP address or range of addresses that are entered as a trusted address.

Trusted host login issues occur when an administrator attempts to log in from an IP address that is not included in the trusted host list.

To verify trusted host login issues

  1. Record the IP address where the administrator is attempting to log in to the FortiMail unit.
  2. Log in to the web UI and go to System > Administrator > Administrator.
  3. Select the administrator account in question and click the Edit icon.
  4. Compare the list of trusted hosts to the problem IP address. If there is a match, the problem is not due to trusted hosts.
  5. If there is no match and the new address is valid (secure), add it to the list of trusted hosts.
  6. Select OK.

If the problem was due to trusted hosts, the administrator can now log in.