New firewall admin role with no RW permission on IPS objects

From the CLI, you can set none, read-only, and read-write permissions on IPS objects for an admin profile. Previously, you could not set read-only permissions on IPS objects.

To set permissions on IPS objects:
  1. In the FortiManager CLI, enter the following commands:

    config system admin profile
        edit <profile>
            set ips-objects {none | read | read-write}
        next
    end

    Note: You cannot edit this profile setting from the GUI. It must be done in the CLI.

  2. In the FortiManager GUI or CLI, assign this profile to administrators, as needed.
  • If ips-objects is set to none, administrators with this profile cannot see IPS objects.

  • If ips-objects is set to read, administrators with this profile can read but not edit or install IPS objects.

  • Administrators with ips-objects read-only permissions can install firewall policies without installing IPS-related objects. They can also assign IPS profiles in the policy package.

  • If ips-objects is set to read-write, administrators with this profile can edit and install IPS objects in addition to the ips-objects read-only privileges.
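
An added example, not part of the Fortinet documentation: a Python sketch that audits a saved copy of the `config system admin profile` block and lists profiles whose `ips-objects` permission is `read-write` or not set explicitly. The config excerpt and profile names are constructed, and it assumes the saved text uses the same syntax as the CLI commands above.

```python
import shlex

# Constructed sample in the CLI syntax shown above; profile names are hypothetical.
SAMPLE_CONFIG = '''\
config system admin profile
    edit "fw-policy-ops"
        set ips-objects read
    next
    edit "ips-engineer"
        set ips-objects read-write
    next
    edit "legacy-admin"
        set description "no ips-objects line"
    next
end
'''
VALID = {"none", "read", "read-write"}  # the three values the command accepts

def parse_ips_permissions(text):
    """Return {profile name: ips-objects value, or None when no such line exists}."""
    profiles, in_table, current, depth = {}, False, None, 0
    for raw in text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        if not in_table:
            in_table = tokens == ["config", "system", "admin", "profile"]
        elif depth:  # inside a nested config block of a profile: skip it
            depth += (tokens[0] == "config") - (tokens[0] == "end")
        elif tokens[0] == "config":
            depth = 1
        elif tokens[0] == "end":
            in_table = False
        elif tokens[0] == "edit" and len(tokens) == 2:
            current = tokens[1]
            profiles[current] = None
        elif tokens[0] == "next":
            current = None
        elif current and tokens[:2] == ["set", "ips-objects"] and len(tokens) == 3:
            if tokens[2] not in VALID:
                raise ValueError(f"{current}: unexpected value {tokens[2]!r}")
            profiles[current] = tokens[2]
    return profiles

def review(profiles, allowed_rw=frozenset()):
    """Profiles to check: read-write outside the allow list, or value not stated."""
    return sorted(name for name, perm in profiles.items()
                  if perm is None or (perm == "read-write" and name not in allowed_rw))
```

A profile reported with no `ips-objects` line should be checked on the device, since the excerpt alone does not show its effective permission.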
