Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pmeet
Staff
Staff

Created on ‎08-31-2023 10:11 PM Edited on ‎09-15-2023 10:40 AM By Staff

Article Id 271415

Technical Tip: How to enable debugging for administrators who are not assigned as super admins

Description This article describes how to allow debugging for admin users with the least privileges.
Scope FortiGate.
Solution

In the custom profile, give read/write permissions to Maintenance under the system:

 

MicrosoftTeams-image (53).png

 

Logging in with the admin user with the least privilege will enable the use of the following command and any of its parameters:

 

diag deb

 

MicrosoftTeams-image (54).png 

 

This will give the user the same privileges to run debugs as a super admin profile.

In the newer version of FortiOS 7.4, the following button can be used to grant access to the CLI diagnostics commands:


admin-profile.jpg

 

As shown below, a 'read' permission user is still able to run the diagnostics command:


test-admin.jpg
1064
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.