Fortinet black logo

Administration Guide

Intrusion prevention restricted administrator

Intrusion prevention restricted administrator

An Intrusion Prevention System (IPS) can be used to detect and block network-based attacks. In FortiManager, a restricted administrator profile can be created to allow an administrator to configure IPS settings without interfering with FortiManager's networking capabilities and functions.

Restricted administrators can create new profiles and signatures, add signatures and filters to a profile, and define the action (Allow, Monitor, Block, Reset, Default, Quarantine) that will occur for detected signatures. They are also able to view IPS diagnostics, FortiGuard package status, licenses and services, and create IPS templates.

Restricted administrator profiles can be used when migrating from a standalone IPS system to give the IPS administrator granular control over what IPS profiles and signatures to deploy.

Optionally, restricted administrator profiles can be configured with permissions to install changes to managed FortiGate devices. See Installing profiles as a restricted administrator.

For firewall administrators, read-write access to IPS related objects can be configured in each administrator profile using the CLI. For more information, see ips-objects in Permissions.

To create an IPS restricted administrator:
  1. Go to System Settings > Admin > Profile, and create an administrator profile with the Type set to Restricted Admin and the permissions set as Intrusion Prevention. See Creating administrator profiles.
  2. Optionally, toggle Allow to Install if you want this administrator to be able to install changes to FortiGate devices.

  3. Go to System Settings > Admin > Administrators, and create a new administrator.
  4. Select the restricted IPS profile for the Admin Profile, then select the ADOMs and Intrusion Prevention profiles that the administrator can manage. See Creating administrators.
    You can select All ADOMs, All ADOMs except specified ones, or Specify to select ADOMs that the restricted admin is able to access. Restricted administrators can only view and install changes to devices included in the specified ADOMs.
    Note

    For more information about restricted administrator profiles, see Restricted administrators.

To configure IPS settings as a restricted administrator, see:

Intrusion prevention restricted administrator

An Intrusion Prevention System (IPS) can be used to detect and block network-based attacks. In FortiManager, a restricted administrator profile can be created to allow an administrator to configure IPS settings without interfering with FortiManager's networking capabilities and functions.

Restricted administrators can create new profiles and signatures, add signatures and filters to a profile, and define the action (Allow, Monitor, Block, Reset, Default, Quarantine) that will occur for detected signatures. They are also able to view IPS diagnostics, FortiGuard package status, licenses and services, and create IPS templates.

Restricted administrator profiles can be used when migrating from a standalone IPS system to give the IPS administrator granular control over what IPS profiles and signatures to deploy.

Optionally, restricted administrator profiles can be configured with permissions to install changes to managed FortiGate devices. See Installing profiles as a restricted administrator.

For firewall administrators, read-write access to IPS related objects can be configured in each administrator profile using the CLI. For more information, see ips-objects in Permissions.

To create an IPS restricted administrator:
  1. Go to System Settings > Admin > Profile, and create an administrator profile with the Type set to Restricted Admin and the permissions set as Intrusion Prevention. See Creating administrator profiles.
  2. Optionally, toggle Allow to Install if you want this administrator to be able to install changes to FortiGate devices.

  3. Go to System Settings > Admin > Administrators, and create a new administrator.
  4. Select the restricted IPS profile for the Admin Profile, then select the ADOMs and Intrusion Prevention profiles that the administrator can manage. See Creating administrators.
    You can select All ADOMs, All ADOMs except specified ones, or Specify to select ADOMs that the restricted admin is able to access. Restricted administrators can only view and install changes to devices included in the specified ADOMs.
    Note

    For more information about restricted administrator profiles, see Restricted administrators.

To configure IPS settings as a restricted administrator, see: