FortiGate
mpuente
Staff
Purpose
To prevent Administrator access to the GUI but still allow admin access via the CLI

Expectations, Requirements
Administrator access only via SSH CLI
Configuration
1 Create an Administrator Profile in the GUI

Here you define the access level required for each permission: None, Read Only, or Read-Write.
System >> Admin Profiles >> Create New

2 Create an administrator

Create the administrator user and apply the administrator profile created in step 1
Enable Restrict login to trusted hosts >> Define the IP ranges for admin access
System >> Administrators >> Create new 

3 Create a new Object/Address

Create an IP address object with the same range as the admin trusted host (step 2)
Policy & Objects >> Addresses >> Create new address


4 Enable local-in-policy

Finally, configure the local-in policy to reject HTTP, HTTPS and TELNET. This will allow only SSH CLI access.



Verification
Results:
admin_cli has access only via the CLI and not via the GUI.


