Intrusion prevention restricted administrator
An Intrusion Prevention System (IPS) can be used to detect and block network-based attacks. In FortiManager, a restricted administrator profile can be created to allow an administrator to configure IPS settings without interfering with FortiManager's networking capabilities and functions.
Restricted administrators can create new profiles and signatures, add signatures and filters to a profile, and define the action (Allow, Monitor, Block, Reset, Default, Quarantine) that will occur for detected signatures. They are also able to view IPS diagnostics, FortiGuard package status, licenses and services, and create IPS templates.
Restricted administrator profiles can be used when migrating from a standalone IPS system to give the IPS administrator granular control over what IPS profiles and signatures to deploy.
Optionally, restricted administrator profiles can be configured with permissions to install changes to managed FortiGate devices. See Installing profiles as a restricted administrator.
For firewall administrators, read-write access to IPS-related objects can be configured in each administrator profile using the CLI. For more information, see ips-objects in Permissions.
To create an IPS restricted administrator:
- Go to System Settings > Admin > Profile, and create an administrator profile with the Type set to Restricted Admin and the permissions set as Intrusion Prevention. See Creating administrator profiles.
- Optionally, toggle Allow to Install if you want this administrator to be able to install changes to FortiGate devices.
- Go to System Settings > Admin > Administrators, and create a new administrator.
- Select the restricted IPS profile for the Admin Profile, then select the ADOMs and Intrusion Prevention profiles that the administrator can manage. See Creating administrators.
You can select All ADOMs, All ADOMs except specified ones, or Specify to select ADOMs that the restricted admin is able to access. Restricted administrators can only view and install changes to devices included in the specified ADOMs.
For more information about restricted administrator profiles, see Restricted administrators.
To configure IPS settings as a restricted administrator, see:
- Intrusion prevention profiles
- Intrusion prevention signatures
- Intrusion prevention diagnostics
- Intrusion prevention hold-time and CVE filtering
- Intrusion prevention FortiGuard packages
- Intrusion prevention licenses and services
- Intrusion prevention templates
- Intrusion prevention global headers and footers