
This article describes how to create a read-only admin profile on FortiGate.


All FortiGate models.


This is the packet flow. On the user machine, the firewall is accessed with a DDNS domain name.

The domain refers to the IP of the upstream router and the firewall is behind the upstream router.

Port forwarding must be performed on the upstream router for traffic to reach the firewall.


Admin profile creation:


Log in to the firewall as an administrator and select System -> Administrator Profile -> New Name.

Give the profile any name.

Select Read mode for all permissions so that the relevant administrator sees only the settings and cannot change them.


Permit use of CLI diagnostic commands:


When this option is enabled, the administrator will be able to run diagnostic commands on the FortiGate firewall.

Next, create a new administrator and attach this read-only profile to this particular user.


Create an administrator:


Select System -> Administrator, then New. Fill in all the fields, such as name and password, and then attach the newly created 'read-only' profile to the admin user.
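To confirm afterwards that the profile really is read-only and which administrators use it, the following added example (not part of the original article or Fortinet's own tooling) audits the text of a configuration backup. The sample backup is constructed, and the keys it relies on (`fwgrp`, `netgrp`, `system-diagnostics`, `accprofile`) are assumed to appear as they do under `config system accprofile` and `config system admin` in the FortiOS CLI; key names can vary by firmware version.

```python
import re

# Constructed sample in the layout of a FortiOS configuration backup.
SAMPLE = '''\
config system accprofile
    edit "read-only"
        set fwgrp read
        set system-diagnostics disable
    next
    edit "helpdesk"
        set fwgrp read-write
        set netgrp custom
    next
end
config system admin
    edit "ops1"
        set accprofile "helpdesk"
    next
end
'''

def parse_section(config, header):
    """Return {entry: {key: value}} for one top-level 'config <header>' block."""
    entries, current, depth = {}, None, 0  # depth 0: outside the section
    for line in map(str.strip, config.splitlines()):
        if depth == 0:
            depth = int(line == f"config {header}")
        elif line.startswith("config "):
            depth += 1  # nested table inside an entry
        elif line == "end":
            depth -= 1
        elif depth > 1:
            continue  # ignore nested table contents
        elif line == "next":
            current = None
        elif m := re.fullmatch(r'edit "?([^"]+)"?', line):
            current = entries.setdefault(m.group(1), {})
        elif current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return entries

def audit(config):
    """Per profile: groups above read, diagnostics setting, admins attached."""
    admins = parse_section(config, "system admin")
    return {name: {
        "above_read": sorted(k for k, v in cfg.items() if v in ("read-write", "custom")),
        "cli_diagnostics": cfg.get("system-diagnostics", "unset"),
        "admins": sorted(a for a, c in admins.items() if c.get("accprofile") == name),
    } for name, cfg in parse_section(config, "system accprofile").items()}
```

A profile is read-only when `above_read` is empty; `cli_diagnostics` reported as `unset` means the line is absent from the backup, so the firmware default applies and should be checked on the device.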