FortiGate
hbh
Staff
Article Id 230328
Description This article describes how to create an administrator account that never times out and how it can be used to monitor resources and sessions.
Scope FortiGate.
Solution

FortiGate provides a holistic view of the overall topology via Security Fabric.

To access the Fabric and FortiView, an admin has to log in to the firewall.

 

Logging in to the firewall introduces a few challenges:

  1. Accidental configuration changes.
  2. Session timeout due to inactivity while monitoring.

To overcome these issues, the following workaround can be applied:

  1. Create a new admin profile with all permissions set to read-only.
  2. Enable 'Never Timeout' under the read-only profile.


CLI Commands:

config system accprofile
    edit "Read_ony_profile"
        set secfabgrp read
        set ftviewgrp read
        set authgrp read
        set sysgrp read
        set netgrp read
        set loggrp read
        set fwgrp read
        set vpngrp read
        set utmgrp read
        set wifi read
        set admintimeout-override enable
        set admintimeout 0
    next
end

  3. Create a new administrator and select the read-only profile created as per step 2.


CLI Commands:

config system admin
    edit "John"
        set accprofile "Read_ony_profile"
        set vdom "root"
        set password ENC PB2CbUb+oVG+XXXXXXXXXXXXXXXXXIR0BRrzfR0rWuJJkwH74Oq7f1pHsBYEAEk7qg8yRordtUqcKOAOSAgqPYoE89mQ402tbvSz5E=
    next
end

  4. Log out and log in as the new admin.
  5. The new admin will only have read access and can monitor the pre-configured dashboard.
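
A never-timeout session stays authenticated for as long as the browser is left open, so the profile it uses should stay strictly read-only. The following Python audit is an added example, not part of the original article or any Fortinet tool: it parses a configuration backup and lists every administrator bound to a never-timeout profile, along with any permission group on that profile set to read-write or custom (custom is flagged for manual review). The sample configuration, the "noc_rw" profile, the "noc" administrator and the function names are constructed for illustration.

```python
# Constructed sample backup fragment; "noc_rw" and "noc" are hypothetical entries.
SAMPLE_CONFIG = """
config system accprofile
    edit "Read_ony_profile"
        set sysgrp read
        set admintimeout-override enable
        set admintimeout 0
    next
    edit "noc_rw"
        set sysgrp read-write
        set admintimeout-override enable
        set admintimeout 0
    next
end
config system admin
    edit "John"
        set accprofile "Read_ony_profile"
    next
    edit "noc"
        set accprofile "noc_rw"
    next
end
"""

def parse_table(config, table):
    """Return {entry: {setting: value}} for the 'config <table>' block(s)."""
    entries, current, depth = {}, {}, -1          # depth -1: outside the table
    for line in map(str.strip, config.splitlines()):
        if depth < 0:
            depth = 0 if line == f"config {table}" else -1
        elif line.startswith("config "):
            depth += 1                            # nested block inside an entry
        elif line == "end":
            depth -= 1                            # reaching -1 leaves the table
        elif depth == 0 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif depth == 0 and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')
    return entries

def audit_never_timeout(config):
    """Return (admin, profile, read-write/custom groups) per never-timeout admin."""
    profiles, findings = parse_table(config, "system accprofile"), []
    for admin, cfg in parse_table(config, "system admin").items():
        prof = profiles.get(cfg.get("accprofile"), {})
        if prof.get("admintimeout-override") == "enable" and prof.get("admintimeout") == "0":
            writable = sorted(k for k, v in prof.items() if v in ("read-write", "custom"))
            findings.append((admin, cfg["accprofile"], writable))
    return findings
```

An empty group list for an administrator means the never-timeout profile is read-only as the article intends; any listed group is a finding to correct before the account is used on an unattended monitoring screen.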


Note: There is a known issue in v7.4.8 and v7.6.3 where the 'Override idle timeout: Never timeout' setting does not function as expected. Even when enabled, user sessions may still expire.

This issue is scheduled to be resolved in v7.4.9 (expected to be released in September 2025) and v7.6.4.