FortiGate
Chandra_FTNT
Staff
Article Id 345061
Description This article describes how to restrict an admin user so that the only action available is taking configuration backups on FortiGate.
Scope FortiGate v7.4.4 onwards
Solution

Requirement:

Restrict an admin user to taking configuration backups on FortiGate, without any access privileges to modify or change the configuration.

Create a custom Admin Profile under System > Admin Profiles and select 'Create new'.

Specify the Admin profile name, for example 'BackupAdmin'. Next, enable only the permissions needed to take a configuration backup, as follows:

Under System Access Control, select the Custom option, enable Read/Write for 'Administrator Users' and Read only for 'FortiGuard Updates', 'Configuration', and 'Maintenance', then select 'OK'.

Create a new Admin User, for example 'Backup', and select the Admin profile created above, 'BackupAdmin'.

Once the admin user is created, log in to FortiGate using the "backup" user and verify that a backup can be taken.
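To confirm the profile grants nothing beyond the permissions chosen above, the accprofile section of a backup file can be checked offline. The Python sketch below is an added example, not part of the original article or of Fortinet's tooling. The sample config and the 'TooBroad' profile are constructed, and the mapping of the GUI labels to the CLI keys admin, upd, cfg and mnt, as well as treating unset keys as 'none', are assumptions to verify against 'show system accprofile' on the device.

```python
# Constructed excerpt in FortiOS backup syntax; "TooBroad" is a made-up counter-example.
SAMPLE_CONFIG = """
config system accprofile
    edit "BackupAdmin"
        set sysgrp custom
        config sysgrp-permission
            set admin read-write
            set upd read
            set cfg read
            set mnt read
        end
    next
    edit "TooBroad"
        set sysgrp read-write
        set fwgrp read
    next
end
"""
# The article's GUI choices as CLI keys (admin/upd/cfg/mnt mapping is an assumption).
EXPECTED = {"sysgrp": "custom", "sysgrp-permission.admin": "read-write",
            "sysgrp-permission.upd": "read", "sysgrp-permission.cfg": "read",
            "sysgrp-permission.mnt": "read"}

def profile_settings(config_text, profile):
    """Return {key: value} for one profile of 'config system accprofile'."""
    settings, in_table, current, nested = {}, False, None, []
    for tok in (line.split() for line in config_text.splitlines()):
        if tok[:3] == ["config", "system", "accprofile"]:
            in_table = True
        elif not tok or not in_table:
            continue
        elif tok[0] == "config":      # nested block such as sysgrp-permission
            nested.append(tok[1])
        elif tok[0] == "end" and nested:
            nested.pop()
        elif tok[0] == "end":         # end of the accprofile table
            in_table = False
        elif tok[0] == "edit" and not nested:
            current = tok[1].strip('"')
        elif tok[0] == "set" and current == profile and len(tok) > 2:
            settings[".".join(nested + [tok[1]])] = " ".join(tok[2:]).strip('"')
    return settings

def audit_backup_profile(settings):
    """List deviations from the backup-only profile; unset keys count as 'none'."""
    findings = [f"{k}: expected {v}, found {settings.get(k, 'none')}"
                for k, v in EXPECTED.items() if settings.get(k, "none") != v]
    findings += [f"{k}: unexpected grant {v}" for k, v in settings.items()
                 if k not in EXPECTED and v in ("read", "read-write", "custom")]
    return findings
```

An empty list from `audit_backup_profile(profile_settings(text, "BackupAdmin"))` means the profile matches the settings in this article; each string in a non-empty list names one permission to review.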