Pre-requisites:
- FMOS version must be 8.25.x or earlier
- FortiGate version 4.0 or 5.0
*********************************************
In most cases, an account with the super_admin_readonly profile can retrieve the configuration from 4.0 and 5.0 FortiGate firewalls (4.0 MR3 firewalls must be on patch 3 or later). This applies to both VDOM-enabled and non-VDOM firewalls. For larger configurations, however, screen paging must be configured so that the entire configuration is displayed without pausing when the screen is full. The command that changes this setting requires read/write permission to the System Configuration group in the admin profile.
To configure an admin account called firemon with mostly read-only permissions and read/write permission for the System Configuration group, run the following commands in the CLI:
In VDOM mode:
    config global
    config system accprofile
        edit "read_only_firemon"
            set admingrp read
            set authgrp read
            set endpoint-control-grp read
            set fwgrp read
            set loggrp read
            unset menu-file
            set mntgrp read
            set netgrp read
            set routegrp read
            set scope global
            set sysgrp read-write
            set updategrp read
            set utmgrp custom
            set vpngrp read
            set wifi read
            config utmgrp-permission
                set antivirus read
                set application-control read
                set data-loss-prevention read
                set ips read
                set spamfilter read
                set webfilter read
            end
        next
    end
    config system admin
        edit firemon
            set accprofile read_only_firemon
    end
If the firewall is not in VDOM mode, the same configuration applies, except that the first command, config global, is omitted.
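To confirm that a profile grants write access only where this article intends (sysgrp), the following added example, which is not FireMon or Fortinet code, parses accprofile blocks from a saved CLI configuration and lists any setting with write access beyond that. The function names, the abridged sample and the "too_broad" profile are constructed for illustration.

```python
import shlex

ALLOWED_WRITE = {"sysgrp"}  # the only group the article grants read-write
# Constructed sample: the article's profile (abridged) plus a hypothetical
# over-privileged profile "too_broad" for comparison.
SAMPLE = """config system accprofile
edit "read_only_firemon"
set fwgrp read
set sysgrp read-write
set utmgrp custom
config utmgrp-permission
set ips read
end
next
edit "too_broad"
set fwgrp read-write
set sysgrp read-write
set utmgrp custom
config utmgrp-permission
set ips read-write
end
next
end
"""

def parse_accprofiles(text):
    """Return {profile: {setting: value}}; nested settings are keyed 'block/setting'."""
    profiles, stack, current = {}, [], None
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        in_profiles = "system accprofile" in stack
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and stack[-1:] == ["system accprofile"]:
            current = profiles.setdefault(tok[1], {})
        elif tok[0] == "next" and stack[-1:] == ["system accprofile"]:
            current = None
        elif tok[0] == "set" and in_profiles and current is not None and len(tok) > 2:
            nested = stack[stack.index("system accprofile") + 1:]
            current["/".join(nested + [tok[1]])] = tok[2]
    return profiles

def excess_write(profile):
    """Settings whose value contains 'write' and that are outside ALLOWED_WRITE."""
    return sorted(k for k, v in profile.items() if "write" in v and k not in ALLOWED_WRITE)
```

An empty list from excess_write means the profile matches the least-privilege intent described above; any entries are permissions to review before the account is used.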