The restricted IPS admin profile feature helps customers who are transitioning from dedicated IPS solutions to Fortinet products. This feature provides replacement functions for IPS administrations.
- Go to System Settings. In the tree menu, select Profile. Click Create New to create an admin profile with its type as Restricted Admin.
- Now, select the admin profile and click Edit from the toolbar.
Alternatively, you can double-click on the admin profile to edit.
The Edit Profile pane is displayed.
Toggle ON/OFF Allow to Install to enable or disable "Install" permission for the restricted admin. Click OK.
By default, Allow to Install is ON. When it is OFF, IPS admin can only make IPS config changes and has no permission to push config changes down to FortiGate.
- In the tree menu, select Administrators. Click Create New from the toolbar to create an administrator.
- Select the administrator and click Edit from the toolbar. Alternatively, you can double-click on the administrator to edit.
The Edit Administrator pane opens.
- In the Edit Administrator window, select profiles for permissions and click OK.
- Log in with your IPS admin credentials. Go to Intrusion prevention > Profiles and Custom Signatures.
IPS admin is able to create, edit, or delete IPS profiles and custom signatures.
- Select a profile and right-click, select either Install or Where Used.
Where used dialog shows where the selected profile is being used. Click Close.
Select Install to select target devices. This copies the profile to the device db, and then installs it to the selected device. Click OK.