I have a question about FortiManager. I have several UTMs at different sites that are managed by the local IT, but with a user profile that only has the rights to modify the Webfilter and to consult the logs. When the UTM is added to the FortiManager, the local IT can no longer manage the FGT, since they do not have the admin rights to take back control.
Can you tell me if this is normal, or if there is a configuration to make on the FortiManager side to allow them to manage the FortiGate via the FortiManager and also with direct access, knowing that one cannot give them access with admin rights instead of the FortiManager?
Hmm, interesting. Our development team has confirmed that it *should* only be "super admin" profiles which are presented with that override option. Thanks for your finding.
In any case, the restriction is there to help discourage admin users from making direct changes on the FGT that are then a lot of work to resync with the FMG. Device-level settings are no problem. Changes to policies & objects require resyncing with the ADOM level & thus are more work afterward.