Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 6.3.4 CLI Reference
    6.3.4
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0

    Permissions

    Permissions

    Depending on the account that you use to log in to the FortiWeb appliance, you may not have complete access to all CLI commands or areas of the web UI.

    Access profiles control which commands and areas an administrator account can access. Access profiles assign either:

    • Read (view access)
    • Write (change and execute access)
    • Both Read and Write
    • No access

    to each area of the FortiWeb software. For details about configuring the access profile for an administrator account to use, see system accprofile.

    Access profile permissions

    Admin Users

    System > Admin ... except Settings

    		 Web UI

    admingrp

    config system admin

    config system accprofile

    		 CLI
    Auth Users

    User ...

    		 Web UI

    authusergrp

    config user ...

    		 CLI
    Log & Report

    Log&Report ...

    		 Web UI

    loggrp

    config log ...

    execute formatlogdisk

    		 CLI
    Maintenance

    System > Maintenance except System Time tab

    		Web UI

    mntgrp

    diagnose system ...

    execute backup ...

    execute factoryreset

    execute reboot

    execute restore ...

    execute shutdown

    diagnose system flash ...

    		 CLI
    Network Configuration

    System > Network ...

    		 Web UI

    netgrp

    config router ...

    config system interface

    config system dns

    config system v-zone

    diagnose network ... except sniffer ...

    		 CLI
    System Configuration

    System ... except Network, Admin, and Maintenance tabs

    		Web UI

    sysgrp

    config system except accprofile, admin, dns, interface, and v-zone

    diagnose hardware ...

    diagnose network sniffer ...

    diagnose system ... except flash ...

    execute date ...

    execute ha ...

    execute ping ...

    execute ping-option ...

    execute traceroute ...

    execute time ...

    		 CLI
    Server Policy Configuration

    Policy > Server Policy ...

    Server Objects ...

    Application Delivery ...

    		 Web UI

    traroutegrp

    config server-policy ... except custom-application ...

    config waf file-compress-rule

    config waf http-authen ...

    config waf url-rewrite ...

    diagnose policy ...

    		 CLI
    Web Anti-Defacement Management

    Web Anti-Defacement ...

    		 Web UI

    wadgrp

    config wad ...

    		 CLI
    Web Protection Configuration

    Policy > Web Protection ...

    Web Protection ...

    DoS Protection ...

    		 Web UI

    wafgrp

    config system dos-prevention

    config waf except:

    • config waf file-compress-rule
    • config waf http-authen ...
    • config waf url-rewrite ...
    • config waf web-custom-robot
    • config waf web-robot
    • config waf x-forwarded-for
    		 CLI
    Web Vulnerability Scan Configuration

    Web Vulnerability Scan ...

    		 Web UI

    wvsgrp

    config wvs ...

    		 CLI

    * For each config command, there is an equivalent get/show command, unless otherwise noted.

    config access requires write permission.

    get/show access requires read permission.

    Unlike other administrator accounts, the administrator account named admin exists by default and cannot be deleted. The admin administrator account is similar to a root administrator account. This administrator account always has full permission to view and change all FortiWeb configuration options, including viewing and changing all other administrator accounts. Its name and permissions cannot be changed. It is the only administrator account that can reset another administrator’s password without being required to enter that administrator’s existing password.

    Set a strong password for the admin administrator account, and change the password regularly. By default, this administrator account has no password. Failure to maintain the password of the admin administrator account could compromise the security of your FortiWeb appliance.

    For complete access to all commands, you must log in with the admin administrator account.

    Previous
    Next

    Permissions

    Permissions

    Depending on the account that you use to log in to the FortiWeb appliance, you may not have complete access to all CLI commands or areas of the web UI.

    Access profiles control which commands and areas an administrator account can access. Access profiles assign either:

    • Read (view access)
    • Write (change and execute access)
    • Both Read and Write
    • No access

    to each area of the FortiWeb software. For details about configuring the access profile for an administrator account to use, see system accprofile.

    Access profile permissions

    Admin Users

    System > Admin ... except Settings

    		 Web UI

    admingrp

    config system admin

    config system accprofile

    		 CLI
    Auth Users

    User ...

    		 Web UI

    authusergrp

    config user ...

    		 CLI
    Log & Report

    Log&Report ...

    		 Web UI

    loggrp

    config log ...

    execute formatlogdisk

    		 CLI
    Maintenance

    System > Maintenance except System Time tab

    		Web UI

    mntgrp

    diagnose system ...

    execute backup ...

    execute factoryreset

    execute reboot

    execute restore ...

    execute shutdown

    diagnose system flash ...

    		 CLI
    Network Configuration

    System > Network ...

    		 Web UI

    netgrp

    config router ...

    config system interface

    config system dns

    config system v-zone

    diagnose network ... except sniffer ...

    		 CLI
    System Configuration

    System ... except Network, Admin, and Maintenance tabs

    		Web UI

    sysgrp

    config system except accprofile, admin, dns, interface, and v-zone

    diagnose hardware ...

    diagnose network sniffer ...

    diagnose system ... except flash ...

    execute date ...

    execute ha ...

    execute ping ...

    execute ping-option ...

    execute traceroute ...

    execute time ...

    		 CLI
    Server Policy Configuration

    Policy > Server Policy ...

    Server Objects ...

    Application Delivery ...

    		 Web UI

    traroutegrp

    config server-policy ... except custom-application ...

    config waf file-compress-rule

    config waf http-authen ...

    config waf url-rewrite ...

    diagnose policy ...

    		 CLI
    Web Anti-Defacement Management

    Web Anti-Defacement ...

    		 Web UI

    wadgrp

    config wad ...

    		 CLI
    Web Protection Configuration

    Policy > Web Protection ...

    Web Protection ...

    DoS Protection ...

    		 Web UI

    wafgrp

    config system dos-prevention

    config waf except:

    • config waf file-compress-rule
    • config waf http-authen ...
    • config waf url-rewrite ...
    • config waf web-custom-robot
    • config waf web-robot
    • config waf x-forwarded-for
    		 CLI
    Web Vulnerability Scan Configuration

    Web Vulnerability Scan ...

    		 Web UI

    wvsgrp

    config wvs ...

    		 CLI

    * For each config command, there is an equivalent get/show command, unless otherwise noted.

    config access requires write permission.

    get/show access requires read permission.

    Unlike other administrator accounts, the administrator account named admin exists by default and cannot be deleted. The admin administrator account is similar to a root administrator account. This administrator account always has full permission to view and change all FortiWeb configuration options, including viewing and changing all other administrator accounts. Its name and permissions cannot be changed. It is the only administrator account that can reset another administrator’s password without being required to enter that administrator’s existing password.

    Set a strong password for the admin administrator account, and change the password regularly. By default, this administrator account has no password. Failure to maintain the password of the admin administrator account could compromise the security of your FortiWeb appliance.

    For complete access to all commands, you must log in with the admin administrator account.

    Previous
    Next