FortiOS 5.2 Getting Started: Limited access administrator accounts

1. Creating a new administrator profile

Go to System > Admin > Admin Profiles.

Create a new administer profile that limits administrators with this profile to read and write access to User and Devices and read only access to Log & Report data and report access.

2. Adding a new administrator and assigning the profile

Go to System > Admin > Administrators.

Create a new administrator account and assign it to the Administrator Profile that you just created.

Add an IP address to at least one of the Trusted Host fields to control where the administrator can log in from. In the example the administrator can log in only from the 172.20.120.0 network.

3. Results

Log into the FortiGate unit with the t.white. administrator account. t.white should only see the User & Device and the Log & Report menus.

t.white should be able to change user and device authentication settings and view log messages and reports. 

Log in from another browser window with the admin account.

Go to System > Dashboard > Status, and view the System Information widget. It should show two administrators.

Select Details to view the list of logged in administrators.

Using the admin or t.white account, go to Log & Report > Event Log > System.

Log messages should show activity for both administrators. Select a log entry to view details. Log entries for t.white should show the source address that t.white logged in from. This address should be within the Trusted Hosts network address.