What configuration should be set up to permit administrator logins on FortiAnalyzer from specific locations only?

Utilizing trusted hosts is the appropriate configuration to permit administrator logins on FortiAnalyzer from specific locations. Trusted hosts enable you to specify the IP addresses or address ranges from which administrator accounts are allowed to log in. This enhances security by effectively narrowing down the access points that can connect to the FortiAnalyzer.

By setting trusted hosts, administrators can ensure that only users connecting from designated and secure locations are granted access, thus minimizing the risk of unauthorized logins from rogue or potentially compromised networks. This method is essential for maintaining the integrity and confidentiality of administrative access.

On the other hand, restricted IP addresses may seem similar to trusted hosts but typically refer more broadly to the blocking of access rather than explicitly allowing it from specific locations. Meanwhile, enabling two-factor authentication adds an additional security layer but does not limit access to specific IP locations. Modifying admin roles is related to permissions and access rights within FortiAnalyzer, but it does not directly control the geographical or network access points for logging in.