salsero_gallego
New Member
December 22, 2011
Question

admin User only with Reboot/Shutdown

  • December 22, 2011
  • 8 replies
  • 11467 views
Hi all,

We have around 100 remote offices where we have basic local IT staff. Firewall management is central, in my office. These admins need access to their local firewall to reboot or shut down the firewall. NOT MORE. NO system changes, NO policy changes ... only reboot/shutdown.

This is regarding local work in different time zones. I don't like to stay in my office and do the shutdown of the FortiGate in the middle of the night because of power work in a remote office. The local staff must be able to shut down the box locally, without the possibility to change the config.

Where can I configure/add an admin profile ONLY with the possibility to reboot or shut down a FortiGate?

Thanks for your help.


    ede_pfau
    SuperUser
    December 22, 2011
    That's not possible with a restricted admin profile. You need the "System Configuration" category set as Read-Write, and that opens up a lot of menu items (e.g. switching from NAT/routing mode into transparent mode). Probably you can shut down the FGTs via FortiManager, but I don't have experience with FM - I only assume it's a basic requirement that is included.
    rwpatterson
    New Member
    December 22, 2011
    Have them pull the power cords.
    salsero_gallego
    New Member
    December 22, 2011
    > Have them pull the power cords.

    Sorry, no way!! Here is a comment from Fortinet Support after I had twice lost the configuration on two different FortiGates, after a power off without shutdown:

    #########
    The flash file system of FWF60C is sensitive as they use NAND flash. It is likely to get corrupted in cases where a graceful shutdown is not performed before switching off the units. Over a period of time, there are chances of development of bad blocks. Then the flash needs to be scanned from the BIOS. After scanning the flash, please remember to format the flash before loading the OS.
    #########

    => Shutdown is recommended!!
    FortiRack_Eric
    New Member
    December 22, 2011
    The alternative is to create a batch job with plink (SSH command line) and encrypt the batch job.
    rwpatterson
    New Member
    December 22, 2011
    Schedule a daily reboot and remove after a day?
    salsero_gallego
    New Member
    December 22, 2011
    > Schedule a daily reboot and remove after a day?

    Sorry, I don't understand your response ... The local IT people need to shut down the firewall, without further access to the config of the FortiGate, and with the possibility to do this directly, locally. Only a shutdown before they start work on the power line. This is now the first time in our new Fortinet infrastructure where we need this, but we will have a lot of FortiGates around the world, and at every site they need the possibility to shut down the FortiGate without having trouble after the power is back (see my post above regarding NAND and power off without a prior "good" shutdown). Again => access to a restricted admin GUI / SSH with only shutdown access.
    rwpatterson
    New Member
    December 22, 2011
    Never mind. My suggestion would not work in your case.
    ede_pfau
    SuperUser
    December 22, 2011
    Bob, why? We can safely assume that a scheduled reboot will do a graceful shutdown first so as not to corrupt the config. The point is that in order to set the daily reboot option you need admin privileges, just like for an 'exec reboot'. So no gain this way, but I thought of that option as well. But yes, OP would gain the liberty to set it during his working hours, and not at local real time. A bit clumsy though, as he's got to disable the option again a day later. @OP: why don't you consider running a FortiManager? Central management, no sharing with local admins (as this option clearly does not (yet) exist) and independence from the local time schedule (?). You'd have to fast-read through the operating manual of an FM to explore this.
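    For reference, the daily-restart option discussed in this reply as it is set from the FortiOS CLI. This is an added illustration, not posted by anyone in the thread; the restart time is an assumption, and, as the reply says, both steps need a full admin login, which is exactly what the OP wants to avoid handing out.

```text
# Turn on the scheduled restart (done centrally by a full admin).
# FortiOS performs a graceful shutdown before restarting.
config system global
    set daily-restart enable
    set restart-time 03:00
end

# Turn it off again once the site's power work is finished,
# otherwise the unit keeps restarting every day at 03:00.
config system global
    set daily-restart disable
end
```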
    rwpatterson
    New Member
    December 22, 2011
    I'm thinking that he doesn't want to get involved when a remote site needs to shut down. With the FM option, he would still need to get busy. He wants the remote admins to have only the ability to gracefully shut down their firewalls.
    romanr
    New Member
    December 23, 2011
    With a FortiManager you could create a portal for special users to only allow tasks like shutdown/reboot and so on... A FortiManager for >100 devices will for sure be a lot of help as well, but will also be some effort to implement, especially in the transition from 4.2 to 4.3... so I agree with Ede that this might be the only real working solution... but not easy to achieve in just a few small steps!!
    rssvanberg
    New Member
    January 2, 2012
    If it had been in our organisation, I would have developed a web application with two options: shutdown and reboot. Depending on the user rights, the accessible firewalls will be shown in a list. Just make sure you keep it simple, without any possibility that the user can shut down/reboot the wrong firewall, or modify the script.
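    The two workarounds suggested above (FortiRack_Eric's plink batch job and rssvanberg's two-button web application) share one design: a broker that holds the real FortiGate admin credential and exposes only "shutdown" and "reboot" to the local user. The following is an added example of that broker's core, written for this page; it is not code from the thread or from Fortinet. User names, device names, addresses and the `broker-admin` account are made up, `execute shutdown` / `execute reboot` are the real FortiOS CLI commands, and the transport (`ssh_send`) is injected so the validation logic runs offline.

```python
"""Added example: a tiny command broker that gives a site's local IT staff
exactly two actions (shutdown, reboot) on exactly the FortiGates granted to
them.  The broker, not the local user, holds the FortiGate admin credential,
so the user never gets a login that could change config.  Example code, not
from the thread or from Fortinet; users, devices and addresses are made up."""
import subprocess
from typing import Callable, Dict, FrozenSet, List

# The only two FortiOS CLI commands the broker will ever send.  Actions are
# looked up here by name; free-form command text from a user is never used.
ACTIONS: Dict[str, str] = {
    "shutdown": "execute shutdown",
    "reboot": "execute reboot",
}

# Constructed authorization table (assumption): who may act on which device.
GRANTS: Dict[str, FrozenSet[str]] = {
    "madrid-it": frozenset({"fgt-madrid-01"}),
    "lyon-it": frozenset({"fgt-lyon-01", "fgt-lyon-02"}),
}

# Constructed inventory (assumption): device name -> management address.
DEVICES: Dict[str, str] = {
    "fgt-madrid-01": "10.1.1.1",
    "fgt-lyon-01": "10.2.1.1",
    "fgt-lyon-02": "10.2.1.2",
}

Sender = Callable[[str, str], str]  # (host, fortios_command) -> output


class Denied(PermissionError):
    """The user asked for a device or an action outside their grant."""


def visible_devices(user: str) -> List[str]:
    """What the UI lists for this user: only devices they may act on, so the
    wrong firewall cannot be picked by mistake."""
    return sorted(GRANTS.get(user, frozenset()))


def request(user: str, device: str, action: str, send: Sender) -> str:
    """Validate, then send the fixed command for `action` to `device`."""
    if action not in ACTIONS:
        # Any other string, including 'reboot; config ...', is refused.
        raise Denied(f"action {action!r} is not permitted")
    if device not in GRANTS.get(user, frozenset()):
        # Checked before the inventory lookup, so unknown and unauthorised
        # devices look the same to the caller.
        raise Denied(f"{user!r} may not act on {device!r}")
    return send(DEVICES[device], ACTIONS[action])


def plink_argv(host: str, admin: str, command: str) -> List[str]:
    """Command line for PuTTY's plink as an argv list: no shell is involved,
    so the FortiOS command travels as a single argument.  -batch makes plink
    abort instead of prompting (e.g. on an unknown host key), which is what
    an unattended job wants."""
    return ["plink", "-batch", "-ssh", "-l", admin, host, command]


def ssh_send(host: str, command: str, admin: str = "broker-admin") -> str:
    """Real transport (not exercised offline): run plink with the broker's
    own FortiGate admin account.  Key-based auth and an already-trusted host
    key on the broker host are assumed; the local user never sees this
    account."""
    proc = subprocess.run(
        plink_argv(host, admin, command),
        capture_output=True, text=True, timeout=60, check=False,
    )
    return proc.stdout
```

    In the web application, the handler behind the two buttons would call `request(session_user, chosen_device, "shutdown", ssh_send)` and show the result; authenticating the local user to the web application, and logging who pressed which button when, are left to the web framework. The properties rssvanberg asks for fall out of the structure: the device list is derived from the grant table rather than typed by the user, the action name is a dictionary key rather than command text, and the broker's credential lives on the broker host, which is why the "encrypt the batch job" concern from the plink suggestion matters there and only there.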
    salsero_gallego
    New Member
    January 3, 2012
    A feature request has been opened at Fortinet. We will see if they add it in the next release. Thanks for all your replies.