Description
This article describes how to grant read-only admins access to diagnose commands so that they can perform basic diagnostics.
Scope
FortiOS 6.4.0 or above.
Solution
- Prior to FortiOS 6.4.0, read-only admins do not have any rights to run diagnostic commands such as # diag sniffer and # diag debug.
- In FortiOS 6.4.0, a new CLI command has been introduced:

# config system accprofile
    edit read-only
        set system-diagnostics enable
    end

# config system admin
    edit readonly
        set accprofile read-only
        set vdom root
        set password xxxx
    end

- Read-only admins with system-diagnostics disable:

FortiCarrier-3200D $
    get         <----- Get dynamic and system information.
    show        <----- Show configuration.
    execute     <----- Execute static commands.
    alias       <----- Execute alias commands.
    exit        <----- Exit the CLI.

- Read-only admins with system-diagnostics enable:

FortiCarrier-3200D $
    get         <----- Get dynamic and system information.
    show        <----- Show configuration.
    diagnose    <----- Diagnose facility. (Diagnose command is available for read-only admin.)
    execute     <----- Execute static commands.
    alias       <----- Execute alias commands.
    exit        <----- Exit the CLI.
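To review which admin accounts end up with diagnose access through their profile, the following added example (not Fortinet code) parses a saved configuration and joins each admin to the system-diagnostics value of its accprofile. The sample config is constructed, the function names are hypothetical, and it assumes multi-line config/edit/set/end text in which the setting is printed explicitly; a profile that does not print it is reported as not set rather than guessed.

```python
# Constructed sample in FortiOS config-backup style (not from a real device).
SAMPLE_CONFIG = """\
config system accprofile
    edit "read-only"
        set system-diagnostics enable
    next
    edit "auditor"
        set system-diagnostics disable
    next
end
config system admin
    edit "readonly"
        set accprofile "read-only"
    next
    edit "audit1"
        set accprofile "auditor"
    next
end
"""

def parse_table(text, path):
    """Return {entry: {option: value}} for one top-level 'config <path>' table."""
    entries, current, depth = {}, None, 0
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "config":
            if depth or " ".join(tok[1:]) == path:
                depth += 1          # our table, or a nested table inside it
        elif depth == 0:
            continue                # outside the table we care about
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            current = entries.setdefault(" ".join(tok[1:]).strip('"'), {})
        elif depth == 1 and tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = " ".join(tok[2:]).strip('"')
    return entries

def diagnose_access(text):
    """Map admin -> (accprofile, explicit system-diagnostics value or None)."""
    profiles = parse_table(text, "system accprofile")
    return {admin: (opts.get("accprofile"),
                    profiles.get(opts.get("accprofile"), {}).get("system-diagnostics"))
            for admin, opts in parse_table(text, "system admin").items()}

if __name__ == "__main__":
    for admin, (profile, diag) in diagnose_access(SAMPLE_CONFIG).items():
        print(f"{admin}: profile={profile} system-diagnostics={diag or 'not set explicitly'}")
```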