Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RolandBaumgaertner72
Contributor

CLI Sniffer downst work after update to 7.4.2

Hi,

 

so strange, we did an update for a FG81E Cluster to 7.4.2 and in the CLI we cant do any sniffing:

 

FG_XXX_Master $ diag sniffer packet any "host 128.1.98.88" 4
Unknown action 0

 

Always the same, Unkown action 0

 

Other FGs with also 7.4.2 just work fine.

 

What can that be?

 

Thanks!

 

 

11 REPLIES 11
RolandBaumgaertner72
Contributor

Hi,

 

I just see that on this FG we dont have a super__admin. It seems that this is the problem. I have a prof-admin who has all rights but comparing with other FGs the super-admin you cant even change the rights.

 

So can we add again a new super admin?

 

Thanks,

Rland

RolandBaumgaertner72
Contributor

Hi,

 

now I get it. We had some time ago a problem with an HA update so that we had to reset one FG and build the HA from scratch. I guess the problem is that we used a backupf file from a prof_user and not a super_user.

 

Any other chance to create a new super-user instead of using one old config file?

 

Thanks

AEK

Hi Roland

Yes this may happen when we restore a prof_admin backup.

Try reset the admin password via this procedure.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Resetting-a-lost-admin-password/ta-p/19704...

Otherwise if unsuccessful then you'll probably have to factory-reset and restore a valid backup.

AEK
AEK
RolandBaumgaertner72

Hi,

 

no we have now 7.4.2 and there is no option for maintainer :(

 

It is not a really important branch, but I dont get why we cant use diag with this prof-admin who has all rights. Any chance to change that?

 

Thanks!

AEK

Hi Roland

Prof-admin has almost all rights, but not all.

Check this:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Prof-Admin-admin-profile-will-not-be-able-...

AEK
AEK
pminarik

Access to diag commands is controlled on a per-admin-profile basis.
"Permit usage of CLI diagnostic commands",

 
 
 

Or "set system-diagnostics enable|disable" in the CLI.

[ corrections always welcome ]
RolandBaumgaertner72

Hi,

 

cant make this happen in the CLI, guess because it is not super_admin.

 

No chance to activate again super admin? Do I really have to rebuild the HA? The last saved config with the super admin is like 1.5 years old.

 

Thanks!

AEK

You still have access to 99% of the config with prof_admin. So try merge it with the 1.5 years old config to restore it after factory reset.

AEK
AEK
RolandBaumgaertner72

So you say that the easiest would be to reset for example the slave unit, save the config file with no configuration but the super_admin profile and than copy all the rest to this config?

 

Thanks

Labels
Top Kudoed Authors