FortiGate Disable a VPN User

Overview

This guide outlines the steps to disable a specific VPN user configured on a Fortinet FortiGate hardware firewall. Disabling a local user account blocks that user's VPN access when the VPN authenticates against the local user database. This is a routine administrative task in secure access management: it supports least privilege and access revocation in line with standard security practices.

 

Prerequisites

Before proceeding, ensure you have the following:

  • Access to FortiGate Web GUI or CLI (admin privileges required)
  • The VPN user is a local user
  • Identification of the inactive user (username).
  • Active session to FortiGate (HTTPS or SSH)
  • Backup of current configuration (recommended for change control and rollback).

 

Step-by-Step Instructions

Option 1: Using FortiGate Web GUI

  1. Login to FortiGate Web GUI
    • Access: https://<firewall-ip>
    • Login with an administrator account.
  2. Navigate to User & Authentication
    • Go to User & Authentication > User Definition
  3. Locate the User
    • Find the local user you want to disable.
  4. Edit the User
    • Click on the user entry to edit.
  5. Disable the User
    • Uncheck the “Enable this user” checkbox.
    • Click OK to save changes.
  6. Verify Access
    • Ensure the user status shows as disabled.

 

Option 2: Using FortiGate CLI

  1. Access CLI
    • SSH into the firewall or use the Web GUI CLI Console.
  2. Enter Configuration Mode
    config user local
    edit <username>
    set status disable
    next
    end

 

Confirm Configuration

show full-configuration user local | grep -A 3 '<username>'

Ensure that set status disable appears in the output for the user.
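
The same confirmation can be run offline against saved CLI output, for example during an access review. This is an added example, not part of the original guide or Fortinet tooling; the sample output and usernames are constructed, and the function names are hypothetical.

```python
import shlex

# Constructed sample of `show full-configuration user local` output.
SAMPLE_OUTPUT = '''\
config user local
    edit "jdoe"
        set status disable
        set type password
    next
    edit "asmith"
        set status enable
        set type password
    next
    edit "vpn contractor"
        set type password
    next
end
'''

def parse_local_users(text):
    """Return {username: {setting: value}} from a `config user local` block."""
    users, current, in_block = {}, None, False
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw)  # handles quoted names with spaces
        except ValueError:
            continue  # unbalanced quote (e.g. truncated paste): skip the line
        if not tokens:
            continue
        if tokens[:3] == ["config", "user", "local"]:
            in_block = True
        elif not in_block:
            continue  # ignore other config sections in a full backup
        elif tokens[0] == "edit" and len(tokens) >= 2:
            current = users.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) >= 3:
            current[tokens[1]] = " ".join(tokens[2:])
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "end":
            in_block = False
    return users

def is_disabled(users, username):
    """True only if the user exists and has an explicit `set status disable`."""
    if username not in users:
        raise KeyError(f"user {username!r} not found in output")
    # Assumption: no status line means the default (enabled), as in plain `show`.
    return users[username].get("status", "enable") == "disable"
```

A missing user raises an error rather than returning False, so a mistyped username is not mistaken for an account that is still enabled.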

 

Conclusion

You have now successfully disabled the VPN user on your FortiGate firewall.