Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wcbenyip
New Contributor III

Created on ‎08-11-2014 06:48 PM

Admin Profile for readonly but can' t download config?

Hi ALL, In the case that we want to allow the IT teammates to logon to the firewall to have a look whenever need to troubleshoot or checking the logs, the expected result should just allow the teammates to read all or some of the screen, however, I cannot set it all-readonly but restricting the option to allow the one to download the firewall configuration... that would expose the details! Yes, you may say that, I can disable/hide the whole system configuration page.. but I just wonder there is any way that I can do both - allow to show the system page (with bandwidth for ports and other stats.) AND disable the download/upload of configuration. Anyone can help? Thanks!
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
3832
0 Kudos
3 REPLIES 3
ede_pfau
SuperUser
SuperUser

Created on ‎08-12-2014 04:00 AM

hi, what is in the config file that you cannot see in the (read-only) WebGUI? You fear that parts of the config may be exposed if downloaded but I think all these settings are exposed anyway in the WebGUI.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
1485
0 Kudos
wcbenyip
New Contributor III
In response to ede_pfau

Created on ‎08-12-2014 06:28 PM

Actually as it say, I can see all in the WebGUI with read acl only. I just want to hide that option to allow the one to backup the device config. Seems no way to do so, because the ACL setting for Admin a/c can only set RW/R for the whole " section" , there is no sub-category could be configured.
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
1485
0 Kudos
Istvan_Takacs_FTNT
Staff
Staff

Created on ‎08-12-2014 06:34 PM

You can customise the dashboard to remove widgets e.g. the System Information one that displays the System Config, but can' t enforce the config for the other users, so they might just put it back. Also you would need to remove the CLI console one and the SSH access or else they might just run ' show full' . Not sure if you can make a customised dashboard permanent in the CLI somehow, but there might be an option to do that.
1485
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.