Hi All,
Fairly new to FortiGate and seek help please.
I've noticed on our v5.4 1500D's the diag command is missing when going into the global vdom. On the same hardware using v5.2 or below the diag command is present in global.
Any ideas why there is a difference in 5.4? I was trying to perform the diag netlink command and cannot do this on 5.4.
Thanks
I don't remember 5.2 well. Those days were more than 5 years ago I guess. But I'm almost sure the design with multi-vdom environment was the same. Are you sure the 5.2 box has "vdom-admin" enabled under "config sys global"?
Global is NOT a vdom. It's outside of all vdoms, which defines interfaces and box-wide system settings and others. Since it's not a vdom, it doesn't have routing tables, policies, security profiles that all vdoms have. Therefore there are no diag commands for those features.
I'm sure that command was available in global context at one time also.
Ken Felix
PCNSE
NSE
StrongSwan
There has been a change in 5.4.3 and 5.6.0 which requires that all admin access (mntgrp, admingrp, .....) in an access profile need to be read-write if an admin using this profile wants to issue diag commands. This behavior has been changed in 6.0.4 (and should be in 6.2.0) to be granular and take into account for which access category the value is read-write or not.
Thanks all. I think jhouvenaghel_FTNT is onto something. The command appears in the same appliances running anything earlier than 5.4. So the versions with 5.2 and 5.0 that I have do have the command present.
Could this be a TACACS related issue?
I don't believe it is related to the kind of authentication you use. It is only related to the access profile you use, which does not give the same rights for diag command after upgrading to 5.4.3/5.6.0
Copyright 2024 Fortinet, Inc. All Rights Reserved.