Pavan_Chintha
Article Id 396784
Description: This article describes how to handle an issue where an admin user with a super_admin_readonly administrator profile cannot run diagnostic commands in the CLI.
Scope: FortiGate v7.4.x and above.
Solution

While creating an admin user account from the GUI, under System -> Administrators:

The super_admin_readonly profile can be chosen or viewed within the admin users section in the GUI, but it cannot be found under System -> Admin profiles.


[Screenshot: super_admin_readonly.png]

From v7.4.x, an admin user with the super_admin_readonly profile cannot run diagnostic commands, because this has been disabled under the profile's CLI permits.

The following error is noticed when the admin user runs the diagnose commands in the CLI:


[Screenshot: unknown_action.png]

The super_admin_readonly profile cannot be edited from the GUI:

The permissions under the Admin Profile in the GUI cannot be enabled, and changes are not saved, because it is the 'default' profile present in the system.

[Screenshot: GUI_Super_admin_readonly.png]

The admin profile cannot be changed from the CLI either.


[Screenshot: CLI.png]

As an alternative, another administrator profile with read-only permissions, and with the options that permit usage of CLI commands set to 'enabled', can be created and assigned to the admin accounts.

[Screenshot: Read_Only.png]

With the profile above, the admin user can run the diagnose commands, as well as other CLI commands.

 

Note: The 'super_admin_readonly' profile cannot be edited, so an administrator can instead create a new admin profile and customize its permissions to run the config/diagnostic/execute/get/show commands.
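
The alternative profile described above can also be created from the CLI. The following is an added example, not taken from the original article: the profile name readonly_diag and the account name noc_readonly are hypothetical, and the option names assume the FortiOS 7.4 'config system accprofile' syntax (confirm with 'set ?' on the running build). Only the diagnose/get/show permits are enabled here so that the account stays read-only.

```text
# Comment lines are annotations for the reader; enter only the config lines.
# "readonly_diag" is a hypothetical profile name.
config system accprofile
    edit "readonly_diag"
        # Read-only access to every feature group.
        set secfabgrp read
        set ftviewgrp read
        set authgrp read
        set sysgrp read
        set netgrp read
        set loggrp read
        set fwgrp read
        set vpngrp read
        set utmgrp read
        set wifi read
        # CLI permits: allow troubleshooting and viewing commands only.
        set cli-diagnose enable
        set cli-get enable
        set cli-show enable
        # Leave these disabled unless the role needs them; they allow
        # execute commands and configuration changes from the CLI.
        set cli-exec disable
        set cli-config disable
    next
end

# Assign the profile to an existing admin account
# ("noc_readonly" is a hypothetical account name).
config system admin
    edit "noc_readonly"
        set accprofile "readonly_diag"
    next
end
```

After logging in again with that account, a diagnose command such as 'diagnose sys logdisk usage' confirms that the permit is in effect.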

 

[Screenshot: pavan.png]

As the FGT-30G is a low-end model with limited memory resources, it is advised to check memory utilization regularly to avoid high memory utilization or the device going into memory conserve mode.

 

FGT30G # get sys performance status
Memory: 1964064k total, 1019812k used (51.9%), 562508k free (28.6%), 381744k freeable (19.5%)

 

FGT30G # get hardware status
RAM: 1918 MB
EMMC: 9982 MB(MLC) /dev/mmcblk0
Hard disk: 9944 MB /dev/mmcblk0

 

FGT30G # diagnose sys logdisk usage
Total HD usage: 38MB(37MiB)/2112MB(2015MiB)
Total HD logging space: 1584MB(1511MiB)
HD logging space usage for vdom "root": 0MB(0MiB)/1584MB(1511MiB)

 

Related documents:

Administrator Profiles - FortiGate cookbook

Technical Tip: Hard disk utilization by the FortiGate