PurposeTo prevent Administrator access to the GUI but still allow admin access via the CLI
Expectations, RequirementsAdministrator access only via SSH CLI
Configuration1 Create an Administrator Profile in the GUI
Here, you can define which access controls you require None, Read Only & Read-Write
System >> Admin Profiles >> Create New
2 Create an administrator
Create the Administrator user and apply administrator Profile created in step 1
Enable Restrict login to trusted hosts >> Define the IP ranges for admin access
System >> Administrators >> Create new
3 Create a new Object/Address
Create an IP Addresses object with the same range as admin Trusted Host (Step 2)
Policy & Objects >> Addresses >> Create new address
4 Enable local-in-policy
Finally configure the local-in policy to reject HTTP, HTTPS and TELNET. This will only allow SSH CLI access.
VerificationResults:admin_cli has access only via CLI and not via GUI