Technical Tip: Packet Capture via GUI using an admin with Read-Write permission on Packet Capture only

krodriguez · ‎08-03-2025

Description

This article describes how to do packet capture via GUI using an admin with Read-Write permission on Packet Capture only.

Starting FortiOS v7.4 and above, when a FortiGate that is managed by FortiManager (Login Mode: Read-Only), for an admin with Read-Write permission on packet capture only to work on the GUI, an admin user with Read-Write permission (at least on system configuration and packet capture) needs to save the packet capture settings.

Scope

FortiOS v7.4 and above.

Solution

Admin pcap-admin will be assigned to the admin profile pcap_profile that has Read-Write only permission on packet capture.

Log in to FortiGate using an admin with Read-Write permission and Login Mode: Read-Write (default admin with super_admin permission will be used in this KB article).

Go to Network -> Diagnostics -> New Packet Capture.

Set the interface and filters as intended.
When Saving, select either Start capture or Save settings for later.

Packet capture saved.

Log in using pcap-admin. Packet capture that is configured/saved by Read-Write admin is now available.

Technical Tip: Packet Capture via GUI using an admin with Read-Write permission on Packet Capture only

You are leaving our website