Access Profiles; Access Profile List - Fortinet FortiGate FortiGate-1000A Administration Manual

System Admin

Access profiles

Access profile list

FortiGate-1000A/FA2 Administration Guide
When you set trusted hosts for all administrators, the FortiGate unit does not respond
to administrative access attempts from any other hosts. This provides the highest
security. If you leave even one administrator unrestricted, the unit accepts
administrative access attempts on any interface that has administrative access
enabled, potentially exposing the unit to attempts to gain unauthorized access.
The trusted hosts you define apply both to the web-based manager and to the CLI
when accessed through telnet or SSH. CLI access through the console connector is
not affected.
Note: If you set trusted hosts and want to use the Console Access feature
manager, you must also set 127.0.0.1/255.255.255.255 as a trusted host. For more
information on the Console Access feature, see
Go to System > Admin > Access Profile to add access profiles for FortiGate
administrators. Each administrator account belongs to an access profile. You can
create access profiles that deny access or allow read-only or both read and write
access to FortiGate features.
When an administrator has only read access to a feature, the administrator can
access the web-based manager page for that feature but cannot make changes to the
configuration. There are no Create or Apply buttons and lists display only the
View ( ) icon instead of icons for Edit, Delete or other modification commands.
Figure 49: Access profile list
Create New Add a new access profile.
Profile Name The name of the access profile.
Delete icon Select to delete the access profile.
You cannot delete an access profile that has administrators assigned to it.
You cannot delete or modify the prof_admin access profile.
Edit icon Select to modify the access profile.
01-28011-0254-20051115
of the web-based
"Console Access" on page 28
Access profiles
.
127