Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sunil
New Contributor

Admin user Administrator Profile showing read only access

Hi, 

After few days i have logged into Fortiwifi 30e Firewall device, As i need to make few changes in security profiles...But i couldn't able to find add button for adding new signature in Application control.

I was wondering what happened suddenly, then i went to system-->administrator section...i can see over there profile access was changed to read only.

i don't have any other users created on this box, can anyone help how to fix this issue and get read write access for admin user.

 

Thanks in advance.

Sunil

4 REPLIES 4
sunil
New Contributor

Hi Can anyone help on this issue ?

 

 

emnoc
Esteemed Contributor III

Login into the fortigate via ssh ( what ever username you have ) and execute a cli cmd

 

 

get sys  admin list

 

What profile do you see enabled?

 

NOTE:  V5.2.13 has a bug that it is not showing   admin or adminprofile from the cli in multi-vdom mode

 

Alternatively you can review the local logins ( again  here an example with cli and logs stored on disk )

 

 execute log filter  category  1

 execute log filter  device 1

 execute log  filter  field  logdesc "Admin login successful"

 

and finally

 

execute log display

 

You will probably need to a find super_admin  to  change that account  accessprofile or if it's wildcards and|or  remote-authentication you need to fix the issue.

 

What changes happen on your fortigate?

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
ede_pfau
Esteemed Contributor III

I've just tested to reassign the built-in "admin" account to a read-only admin profile.

It's not possible.

In fact this account can only be assigned the 'super-admin' profile.

So, could you clarify if the account you are talking about is "admin" or some account you created later?


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
emnoc
Esteemed Contributor III

yes the admin account can be deleted and reapplied but not as RO ;)

I think also Admin ( case ) is not allowed also ;)

I'm sure his account is a non super_admin  and not the named defaukt "admin"

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors