restricted admin access question

Andre_Backs · ‎12-31-2014

Hello all.

Happy New Year and all the best wishes for 2015.

I have a question about restricting admin access to the Fortigate.

I run a Fortigate 200D version 5.0 patch 7 and need to set up an admin profile so that our servicedesk people have readonly access to the system and in addition they are allowed to modify the SSID password in the WiFi & Switch controller section.

Initially I thought that an Admin Profile with Read-Write access to "WiFi Controller" would do the trick but I found out that it doesn't. Is this something I can set in CLI perhaps ?

Thanks for helping,

André

ABB@ProBiblio Fortigate 200D (slave master)

Dave_Hall · ‎12-31-2014

Andre Backs wrote:
Initially I thought that an Admin Profile with Read-Write access to "WiFi Controller" would do the trick but I found out that it doesn't. Is this something I can set in CLI perhaps ?

Never had the need to do that, but I usually I just reset the password from the CLI, like so:

config wireless-controller vap
    edit "wifi"
        set passphrase password
    next
end

Try again with that read-only admin profile you have created and see if it works. Make sure you give your help desk access to the CLI.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

restricted admin access question

Nominate a Forum Post for Knowledge Article Creation