Hi all,
I have several Fortigate 81E on different Branch Offices in use. SuperUser is always me & my team. But on some Branch Offices we have a Techi. For these Techi i already made some Read-Only User just to have a look at Policy and Logs if something gets blocked e.g. . As these branch offices are kinda independent they sometimes install severs that need to communicate with the outside world. This can happen if nobody of my team is at work. That's why im Wondering if its possible to give the Tech people at these branch offices write permission for the Firewall Policy, but deny them the use of some interfaces (this owuld be the interfaces to our internal network as their networks are DMZ and we only want several ports open to our network) or if its possible to mark several Firewall Policies as not editable for them ?
I'm pretty sure this won't work with the WebUI but maybe it's possible through cli ?
Thanks in advance!
Alex
Nope, not that I know of. GUI and CLI are equivalent in this point.
Either customer techie has to wait and cannot set up servers at any arbitrary time during the day/week.
Or, you secure your network from your side of the policy. Which will not keep him from creating traffic to other ports.
In the end, it's a question of who is responsible if a config change created a security risk. The one willing to take the blame will get the authorization. This should be the one with the most experience and knowledge.
Thanks Ede!
Well than i guess me and my team will be the only one that can create policy rules.
[thumbs up!]
If I find someone has changed the config on a FGT that I manage I decline responsibility right away. No intention to play hide and seek.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.