Technical Tip: How to access to the GLOBAL VDOM with read-only access permission
Description
This article describes how to access to the GLOBAL VDOM with read-only access permission.
Solution
In some cases, it is necessary to give read-only access to the GLOBAL VDOM (for example, while performing audit or scanning FortiGate by using 3rd party units).
For that, on FortiGate, it is possible to use 'super_admin_readonly' administrator profile.
Note that manually created custom read-only administrator profiles only can be used to access to particular VDOMs, but not to the GLOBAL VDOM.
1) Create a new administrator with the 'super_admin_readonly' administrator profile:
This article describes how to access to the GLOBAL VDOM with read-only access permission.
Solution
In some cases, it is necessary to give read-only access to the GLOBAL VDOM (for example, while performing audit or scanning FortiGate by using 3rd party units).
For that, on FortiGate, it is possible to use 'super_admin_readonly' administrator profile.
Note that manually created custom read-only administrator profiles only can be used to access to particular VDOMs, but not to the GLOBAL VDOM.
1) Create a new administrator with the 'super_admin_readonly' administrator profile:
2) Login by using created administrator and check the access to the GLOBAL VDOM:
3) Verify administrator profiles from CLI:
FGVM04 (global) # get system info admin status
Index User name Login type From
Logged in users: 2
USERNAME TYPE FROM TIME
admin ssh 10.109.63.254 Fri Dec 13 16:34:41 2019
read http 10.109.63.254 Fri Dec 13 17:38:04 2019
FGVM04 (global) # execute disconnect-admin-session
<integer> Index of admin to be disconnected
Currently connected admins:
INDEX USERNAME TYPE VDOM PROFILE FROM TIME
0 admin ssh root super_admin 10.109.63.254 Fri Dec 13 16:34:41 2019
1 read http root super_admin_readonly 10.109.63.254 Fri Dec 13 17:38:04 2019
Related Articles
Troubleshooting Tip: How to list or disconnect administrators connected to a FortiGate