cannot enable diagnostic cli

AK-khan · ‎11-04-2024

Hi,

I am trying to enable diagnostic cli. when i enable "permit usage of cli diagnostic commands" and click ok it automatically gets disabled upon revisiting this setting. the membership of the account from which this is done has Read write access to all. What could be the reason ? how to enable it ?

regards

funkylicious · ‎11-05-2024

Hi,

If I'm not mistaken, only a super_admin account profile can change the settings of the admin profiles.

And this applies from 7.4.2 , https://docs.fortinet.com/document/fortigate/7.4.4/fortios-release-notes/641069/cli-system-permissio...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Granting-read-only-admins-with-diagnose-co...

"jack of all trades, master of none"

AK-khan · ‎11-05-2024

there is no user named super_admin.

there are few users all are members of "Network Administrator" group and that gorup has all access.

funkylicious · ‎11-05-2024

I dont mean a user called super_admin, but a profile assigned to the user that does the changes for the specific setting.

For example, the default user admin has this profile assigned to it.

"jack of all trades, master of none"

gonipco2 · ‎11-05-2024

You are connecting into a an established session resulting in a nested session. I forget exactly what you need to do but it is an escape sequence. Try the ssh escape sequence "<enter><enter>~~." and the telnet escape sequece "<ctrl>+]".

cannot enable diagnostic cli

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website