FortiGate
Article Id 216375
Description

This article describes how to create a read-only admin profile in FortiGate.

Scope

FortiGate.

Solution

This is the packet flow:

 


On the user machine, the firewall is accessed with a DDNS domain name.

The domain refers to the IP of the upstream router, and the firewall is behind the upstream router.

Port forwarding must be performed on the upstream router for traffic to reach the firewall.

 

Admin profile creation:

Log in to the firewall as an administrator and select System -> Administrator Profile -> Create New.

Give the profile any name.

 


Select Read mode for all permissions so that the administrator assigned this profile can view the settings but cannot change them.

 


Permit use of CLI diagnostic commands:

When this option is enabled, the administrator will be able to run diagnostic commands on the FortiGate firewall.

Next, create a new administrator and attach this read-only profile to this particular user.

 

Create an administrator:

 

Select System -> Administrator, then New. Fill in all the fields, such as name and password, and then attach the newly created profile 'read-only' to the admin user.
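
To check the result from a configuration backup, the following added example (not part of the original article and not Fortinet code) confirms that a profile grants no write access, reports whether CLI diagnostics are permitted, and lists the administrators attached to it. The config excerpt is constructed, and the permission-group keys in it (`sysgrp`, `fwgrp`, `system-diagnostics`) are assumptions to verify against the firmware version in use.

```python
import re

# Constructed excerpt in the style of a FortiGate config backup (not from the
# article). Profile/admin names and the permission-group keys are assumptions.
SAMPLE_CONFIG = """\
config system accprofile
    edit "read-only"
        set sysgrp read
        set fwgrp read
        set system-diagnostics enable
    next
    edit "ops"
        set sysgrp read
        set fwgrp read-write
    next
end
config system admin
    edit "auditor"
        set accprofile "read-only"
    next
end
"""

def parse_section(text, header):
    """Return {entry: {key: value}} for one top-level 'config <header>' block."""
    entries, current, depth, active = {}, None, 0, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                active = line == f"config {header}"
        elif line == "end":
            depth -= 1
        elif active and depth == 1:  # skip nested per-group sub-tables
            m = re.match(r'(edit|set)\s+("[^"]*"|\S+)\s*(.*)', line)
            if m and m.group(1) == "edit":
                current = entries.setdefault(m.group(2).strip('"'), {})
            elif m and current is not None:
                current[m.group(2)] = m.group(3).strip('"')
    return entries

def audit_profile(text, profile):
    """Check one admin profile: anything beyond 'read'/'none' needs review."""
    perms = parse_section(text, "system accprofile")[profile]
    admins = parse_section(text, "system admin")
    return {
        "not_read_only": sorted(k for k, v in perms.items() if v in ("read-write", "custom")),
        "diagnostics": perms.get("system-diagnostics") == "enable",
        "admins": sorted(n for n, a in admins.items() if a.get("accprofile") == profile),
    }
```

An empty `not_read_only` list means every permission recorded for the profile is read or none; a `custom` value is flagged because its sub-permissions have to be reviewed separately.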

Related article:
Troubleshooting Tip: Admin user with super_admin_readonly Profile cannot run the diagnostic commands...