Created on
09-27-2024
02:53 AM
Edited on
01-28-2025
04:21 AM
By
Stephen_G
Description | This article describes how to restrict admin users to take only configuration backups on FortiGate. |
Scope | FortiGate v7.2.9, v7.4.4 onwards |
Solution |
Requirement: Restrict admin users to take configuration backup on FortiGate and not have any access privileges to modify or change the configuration.
Create a custom Admin Profile under System -> Admin Profiles and select 'Create new'.
Specify the Admin profile name example above 'BackupAdmin'. Next Permissions needs to be enabled to provide only access to take backup configuration which is as below:
In the Access Permissions settings, assign 'Read' permissions to all Access Controls except for the 'System' Access Control, which should be configured with 'Custom' permissions. Grant 'Read/Write' permissions exclusively to the 'Administrator Users' Access Control, while ensuring that all other Access Controls are assigned 'Read' permissions.
Create a new Admin User example named 'Backup' and select the Admin profile which was created above as 'BackupAdmin':
Once the admin user is created, log in to FortiGate using the 'backup' user and verify if a backup can be taken:
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.