config system admin
Configure admin users.
config system admin Description: Configure admin users. edit <name> set accprofile {string} set accprofile-override [enable|disable] set allow-remove-admin-session [enable|disable] set comments {var-string} set email-to {string} set force-password-change [enable|disable] set fortitoken {string} set guest-auth [disable|enable] set guest-lang {string} set guest-usergroups <name1>, <name2>, ... set ip6-trusthost1 {ipv6-prefix} set ip6-trusthost10 {ipv6-prefix} set ip6-trusthost2 {ipv6-prefix} set ip6-trusthost3 {ipv6-prefix} set ip6-trusthost4 {ipv6-prefix} set ip6-trusthost5 {ipv6-prefix} set ip6-trusthost6 {ipv6-prefix} set ip6-trusthost7 {ipv6-prefix} set ip6-trusthost8 {ipv6-prefix} set ip6-trusthost9 {ipv6-prefix} set password {password-2} set password-expire {user} set peer-auth [enable|disable] set peer-group {string} set remote-auth [enable|disable] set remote-group {string} set schedule {string} set sms-custom-server {string} set sms-phone {string} set sms-server [fortiguard|custom] set ssh-certificate {string} set ssh-public-key1 {user} set ssh-public-key2 {user} set ssh-public-key3 {user} set trusthost1 {ipv4-classnet} set trusthost10 {ipv4-classnet} set trusthost2 {ipv4-classnet} set trusthost3 {ipv4-classnet} set trusthost4 {ipv4-classnet} set trusthost5 {ipv4-classnet} set trusthost6 {ipv4-classnet} set trusthost7 {ipv4-classnet} set trusthost8 {ipv4-classnet} set trusthost9 {ipv4-classnet} set two-factor [disable|fortitoken|...] set two-factor-authentication [fortitoken|email|...] set two-factor-notification [email|sms] set vdom <name1>, <name2>, ... set vdom-override [enable|disable] set wildcard [enable|disable] next end
config system admin
Parameter |
Description |
Type |
Size |
Default |
||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
accprofile |
Access profile for this administrator. Access profiles control administrator access to FortiGate features. |
string |
Maximum length: 35 |
|
||||||||||||
accprofile-override |
Enable to use the name of an access profile provided by the remote authentication server to control the FortiGate features that this administrator can access. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
allow-remove-admin-session |
Enable/disable allow admin session to be removed by privileged admin users. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
comments |
Comment. |
var-string |
Maximum length: 255 |
|
||||||||||||
email-to |
This administrator's email address. |
string |
Maximum length: 63 |
|
||||||||||||
force-password-change |
Enable/disable force password change on next login. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
fortitoken |
This administrator's FortiToken serial number. |
string |
Maximum length: 16 |
|
||||||||||||
guest-auth |
Enable/disable guest authentication. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
guest-lang |
Guest management portal language. |
string |
Maximum length: 35 |
|
||||||||||||
guest-usergroups |
Select guest user groups. Select guest user groups. |
string |
Maximum length: 79 |
|
||||||||||||
ip6-trusthost1 |
Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||||||
ip6-trusthost10 |
Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||||||
ip6-trusthost2 |
Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||||||
ip6-trusthost3 |
Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||||||
ip6-trusthost4 |
Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||||||
ip6-trusthost5 |
Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||||||
ip6-trusthost6 |
Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||||||
ip6-trusthost7 |
Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||||||
ip6-trusthost8 |
Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||||||
ip6-trusthost9 |
Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||||||
name |
User name. |
string |
Maximum length: 64 |
|
||||||||||||
password |
Admin user password. |
password-2 |
Not Specified |
|
||||||||||||
password-expire |
Password expire time. |
user |
Not Specified |
|
||||||||||||
peer-auth |
Set to enable peer certificate authentication (for HTTPS admin access). |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
peer-group |
Name of peer group defined under config user group which has PKI members. Used for peer certificate authentication (for HTTPS admin access). |
string |
Maximum length: 35 |
|
||||||||||||
remote-auth |
Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
remote-group |
User group name used for remote auth. |
string |
Maximum length: 35 |
|
||||||||||||
schedule |
Firewall schedule used to restrict when the administrator can log in. No schedule means no restrictions. |
string |
Maximum length: 35 |
|
||||||||||||
sms-custom-server |
Custom SMS server to send SMS messages to. |
string |
Maximum length: 35 |
|
||||||||||||
sms-phone |
Phone number on which the administrator receives SMS messages. |
string |
Maximum length: 15 |
|
||||||||||||
sms-server |
Send SMS messages using the FortiGuard SMS server or a custom server. |
option |
- |
fortiguard |
||||||||||||
|
|
|||||||||||||||
ssh-certificate |
Select the certificate to be used by the FortiGate for authentication with an SSH client. |
string |
Maximum length: 35 |
|
||||||||||||
ssh-public-key1 |
Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. |
user |
Not Specified |
|
||||||||||||
ssh-public-key2 |
Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. |
user |
Not Specified |
|
||||||||||||
ssh-public-key3 |
Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. |
user |
Not Specified |
|
||||||||||||
trusthost1 |
Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
ipv4-classnet |
Not Specified |
0.0.0.0 0.0.0.0 |
||||||||||||
trusthost10 |
Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
ipv4-classnet |
Not Specified |
0.0.0.0 0.0.0.0 |
||||||||||||
trusthost2 |
Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
ipv4-classnet |
Not Specified |
0.0.0.0 0.0.0.0 |
||||||||||||
trusthost3 |
Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
ipv4-classnet |
Not Specified |
0.0.0.0 0.0.0.0 |
||||||||||||
trusthost4 |
Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
ipv4-classnet |
Not Specified |
0.0.0.0 0.0.0.0 |
||||||||||||
trusthost5 |
Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
ipv4-classnet |
Not Specified |
0.0.0.0 0.0.0.0 |
||||||||||||
trusthost6 |
Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
ipv4-classnet |
Not Specified |
0.0.0.0 0.0.0.0 |
||||||||||||
trusthost7 |
Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
ipv4-classnet |
Not Specified |
0.0.0.0 0.0.0.0 |
||||||||||||
trusthost8 |
Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
ipv4-classnet |
Not Specified |
0.0.0.0 0.0.0.0 |
||||||||||||
trusthost9 |
Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. |
ipv4-classnet |
Not Specified |
0.0.0.0 0.0.0.0 |
||||||||||||
two-factor |
Enable/disable two-factor authentication. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
two-factor-authentication |
Authentication method by FortiToken Cloud. |
option |
- |
|
||||||||||||
|
|
|||||||||||||||
two-factor-notification |
Notification method for user activation by FortiToken Cloud. |
option |
- |
|
||||||||||||
|
|
|||||||||||||||
vdom |
Virtual domain(s) that the administrator can access. Virtual domain name. |
string |
Maximum length: 79 |
|
||||||||||||
vdom-override |
Enable to use the names of VDOMs provided by the remote authentication server to control the VDOMs that this administrator can access. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
wildcard |
Enable/disable wildcard RADIUS authentication. |
option |
- |
disable |
||||||||||||
|
|