Fortinet black logo

Administration Guide

Admin profile option for diagnose access

Admin profile option for diagnose access

The system-diagnostics command in an administrator profile can be used to control access to diagnose commands for global and VDOM level administrators.

To block an administrator's access to diagnose commands:
  1. Create an admin profile that cannot access diagnose commands:
    config system accprofile
        edit "nodiagnose"
            ...
            set system-diagnostics disable
        next
    end
  2. Apply the profile to an administrator:
    config system admin
        edit "nodiag"
            set accprofile "nodiagnose"
            set vdom "root"
            set password ********
        next
    end
  3. Log in as that administrator and confirm that they cannot access diagnose commands:
    $ ?
    config     Configure object.
    get        Get dynamic and system information.
    show       Show configuration.
    execute    Execute static commands.
    alias      Execute alias commands.
    exit       Exit the CLI.
    

Admin profile option for diagnose access

The system-diagnostics command in an administrator profile can be used to control access to diagnose commands for global and VDOM level administrators.

To block an administrator's access to diagnose commands:
  1. Create an admin profile that cannot access diagnose commands:
    config system accprofile
        edit "nodiagnose"
            ...
            set system-diagnostics disable
        next
    end
  2. Apply the profile to an administrator:
    config system admin
        edit "nodiag"
            set accprofile "nodiagnose"
            set vdom "root"
            set password ********
        next
    end
  3. Log in as that administrator and confirm that they cannot access diagnose commands:
    $ ?
    config     Configure object.
    get        Get dynamic and system information.
    show       Show configuration.
    execute    Execute static commands.
    alias      Execute alias commands.
    exit       Exit the CLI.