Administration Guide

Restricted administrators

Restricted administrator accounts are used to delegate management of Web Filter, IPS, and Application Control profiles. Restricted administrators can then install those objects to their assigned ADOM.

Restricted administrators cannot be used when workflow mode is enabled. See Workflow mode.

When a restricted administrator logs in to FortiManager, they enter Restricted Admin Mode. This mode provides a simplified GUI in which they can change the profiles that they have access to, and then install those changes to their designated ADOM using the Install command in the toolbar.

To create a restricted administrator:
  1. Create an administrator profile with the Type set to Restricted Admin and the required permissions selected. See Creating administrator profiles.
  2. Create a new administrator and select the restricted administrator profile for the Admin Profile, then select the specific ADOM and profiles that the administrator can manage. See Creating administrators.

Restricted administrators can create new custom signatures for Intrusion Prevention and Application Control.

To create a custom signature for Intrusion Prevention:
  1. Log on as a Restricted Administrator.
  2. Go to Intrusion Prevention > Custom Signatures.
  3. Click Create New. The Create New Custom Signature screen appears.
  4. Specify the values for the following and click OK.
    • Name - specify a name for the custom signature.
    • Signature - add a custom signature.
    • Status - toggle the status to ON.

To create a custom signature for Application Control:
  1. Log on as a Restricted Administrator.
  2. Go to Application Control > Custom Signatures.
  3. Click Create New. The Create New Custom Application Signature screen appears.
  4. Specify the values for the following and click OK.
    • Name - specify a name for the custom signature.
    • Signature - add a custom signature.
    • Comment - toggle the status to ON.