js2
Staff
Article Id 342975
Description This article explains that seeing $ in the command line is expected when logging in to FortiGate in read-only mode.
Scope FortiGate.
Solution
  1. Log in to FortiGate with the super admin account and create a read-only profile.

From GUI: Navigate to System -> Admin Profile -> Create New.


From CLI:


config system accprofile
    edit "Read only"
        set secfabgrp read
        set ftviewgrp read
        set authgrp read
        set sysgrp read
        set netgrp read
        set loggrp read
        set fwgrp read
        set vpngrp read
        set utmgrp read
        set wanoptgrp read
        set wifi read
        set cli-diagnose enable
        set cli-get enable
        set cli-show enable
        set cli-exec enable
        set cli-config enable
    next
end

  2. Create an administrator account that uses the read-only profile:

From GUI: Go to System -> Administrators -> Create New -> Administrator.


From CLI:

 

config system admin
    edit "Test1"
        set accprofile "Read only"
        set vdom "root"
        set password ENC SH2FbjDIB1IS/v4X4M77vegU75YG0y0AP2LY3aghlG5xHpfA2ftUhVtVyiHidE=
    next
end

 

  3. Log out and log in to FortiGate using the new admin user Test1. Instead of #, the prompt shows $, which indicates a read-only profile.


boson-kvm08 $ config firewall policy
Unknown action 0

boson-kvm08 $ sh firewall policy
config firewall policy
end
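
The check below is an added example, not part of the original article and not Fortinet code. It reads a configuration backup in the CLI syntax shown above and reports, for each administrator, which permission groups the assigned profile can modify, so a profile meant to be read-only can be verified offline. Assumptions: the function names are hypothetical, the "Ops" and "Ops1" entries are constructed for contrast, and the values read-write and custom are treated as write-capable.

```python
import re

# Constructed sample: "Read only"/"Test1" abridged from the article; "Ops"/"Ops1" hypothetical.
SAMPLE = '''
config system accprofile
    edit "Read only"
        set sysgrp read
        set fwgrp read
        set cli-config enable
    next
    edit "Ops"
        set fwgrp read-write
    next
end
config system admin
    edit "Test1"
        set accprofile "Read only"
    next
    edit "Ops1"
        set accprofile "Ops"
    next
end
'''

def parse_table(config, table):
    """Return {entry: {setting: value}} for a top-level 'config <table>' block."""
    entries, current, depth = {}, None, 0
    for line in map(str.strip, config.splitlines()):
        edit = re.fullmatch(r'edit "?([^"]+)"?', line)
        setting = re.fullmatch(r'set (\S+) "?([^"]*)"?', line)
        if depth == 0:
            depth = int(line == f"config {table}")   # enter only the wanted table
        elif line.startswith("config "):
            depth += 1                               # nested sub-table: skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and edit:
            current = entries.setdefault(edit.group(1), {})
        elif depth == 1 and setting and current is not None:
            current[setting.group(1)] = setting.group(2)
    return entries

def audit_admins(config):
    """Map admin -> groups its profile can modify (None: profile not in this file)."""
    profiles = parse_table(config, "system accprofile")
    writable = {name: sorted(k for k, v in p.items() if v in ("read-write", "custom"))
                for name, p in profiles.items()}
    return {admin: writable.get(s.get("accprofile"))
            for admin, s in parse_table(config, "system admin").items()}
```

An empty list means the profile grants no write access in any group; None means the profile is not defined in the file (for example a built-in profile) and has to be reviewed separately.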