flamer
New Member
July 27, 2017
Question

Removing a single vdom from FM


hi all,

 

we have a 600D with 10 vdoms. The FM is logically connected in a secure DMZ. One of the vdoms is dedicated for a 3rd party who do all management of it.

 

Is there a way I can either

1) remove the single vdom for fortimanager

2) provide an account that can write to the device without having super_admin access to all the other vdoms on the device

 

right now their account can log in, is presented with the "managed by FortiManager" message but read only mode is the only option. The only way I have found around this is changing the account to super admin which gives them the option to enter as read/write mode but I cannot lock them down to their specific vdom after that.

 

thanks

    1 reply

    chall_FTNT
    Staff
    July 27, 2017

    It looks like your goal is to allow this 3rd party access to their VDOM. I would recommend you consider doing that through the FortiManager GUI by setting up a restricted admin account for them. Individual VDOMs can also be placed in separate ADOMs on the FortiManager.

     

    As for the FGT GUI, by design, only super-admin accounts are given the option to override the Read-Only restriction.

    flamer
    Author
    New Member
    July 27, 2017

    Thanks for that, I do realise ADOM in FM may be the only solution but our issue with that is, the FortiManager has a single IP in a private network, so the issue is they physically cannot get to that IP address range; currently they connect to an interface on the FortiGate that is physically connected into their LAN.

     

    thanks